spring SecurityFilterChain - http.authorizeHttpRequests()不工作,本地主机重定向您的次数太多

fgw7neuy  于 2022-12-10  发布在  Spring
关注(0)|答案(1)|浏览(264)

由于WebSecurityConfigurerAdapter已被弃用,我尝试将configure(HttpSecurity http)替换为SecurityFilterChain filterChain(HttpSecurity http)。我试着拼凑以下代码,但它不起作用,并在chrome上给出localhost redirected you too many times错误,但在控制台上没有显示任何错误。我甚至按照建议清除了cookie,但它仍然不起作用。

应用程序安全配置.java

@Configuration
public class AppSecurityConfig {
    @Autowired
    private UserDetailsService userDetailsService;
    
    @Bean
    public AuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(new BCryptPasswordEncoder()); 
        
        return provider;
    }
    
    //Trying to replace configure(HttpSecurity http) method
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        
        http
            .csrf().disable()
            .authorizeHttpRequests()
            .requestMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login").permitAll()
            .and()
            .logout().invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/logout-success").permitAll();

        
        return http.build();
    }
}

.authorizeRequests()已被弃用,因此我使用.authorizeHttpRequests()。下面的SS是chrome的输出:Output error from chrome

家庭控制器.java

@Controller
public class HomeController {
    @RequestMapping("/")
    public String home() {
        return "home.jsp";
    }
    
    @RequestMapping("/login")
    public String loginPage() {
        return "login.jsp";
    }
    @RequestMapping("/logout-success")
    public String logoutPage() {
        return "logout.jsp";
    }
}

登录名.jsp

<body>
    <h1>Login</h1>
    ${SPRING_SECURITY_LAST_EXCEPTION.message}
    <form action="login" method="post">
        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='username' value='' /></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password" name='password' /></td>
            </tr>
            <tr>
                <td><input type="submit" name='submit' value='submit' /></td>
            </tr>
        </table>
    </form>
    
</body>
</html>
pod7payv

pod7payv1#

.loginPage() javadoc是这样说的:
...login page to redirect to if authentication is required...
通过由控制器提供服务的终结点/login,您进入了重定向周期。您可以尝试下一步:
1.创建MvcConfig类(根据您自己的规则进行自定义):

@Configuration
public class MvcConfig extends WebMvcConfigurationSupport {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
    }

    @Override
    protected void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
    }
}

1.从控制器中删除或/login端点。
1.测试新配置。
希望它能有所帮助,随时为我的答案给予反馈。

相关问题