时间戳

首页 > 解决方案 > Why Doesn't Login Page In Vaadin Show Up When I'm Using Spring Security

java - Why Doesn't Login Page In Vaadin Show Up When I'm Using Spring Security

问题描述

I have setup a basic Spring security configuration:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
          .withUser("user1").password(passwordEncoder().encode("user1Pass")).roles("USER")
          .and()
          .withUser("user2").password(passwordEncoder().encode("user2Pass")).roles("USER")
          .and()
          .withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN");
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
          .csrf().disable()
          .authorizeRequests()
          .antMatchers("/**").hasAnyRole("USER", "ADMIN")
          .antMatchers("/login*").permitAll()
          .anyRequest().authenticated()
          .and()
          .formLogin()
          .loginPage("/login").permitAll();

    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

And a login page as well:

@Viewport("width=device-width, minimum-scale=1, initial-scale=1, user-scalable=yes, viewport-fit=cover")
@Route("login")
@PageTitle("Login")
public class Login extends VerticalLayout {     
   /**
     * 
     */
    private static final long serialVersionUID = 1L;

        public Login(){
            LoginOverlay login = new LoginOverlay(); // 
            login.setAction("login"); // 
            login.setOpened(true); // 
            login.setTitle("Spring Secured Vaadin");
            login.setDescription("Login Overlay Example");
            add(login); 

        }
}

But when I access localhost:8080 without logging in, then Spring will navigate me to localhost:8080/login.

The problem is that I'm expecting Vaadin's built in standard login layout. But nothing is appearing. Just a white empty page. Have I forgot something?

标签: javaspringspring-securityvaadin

解决方案

configure(WebSecurity web)发生这种情况是因为您忘记覆盖SecurityConfiguration类中的方法,如教程为 Vaadin 应用程序设置 Spring Security 中所述:

/**
 * Allows access to static resources, bypassing Spring security.
 */
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers(
            // Vaadin Flow static resources // 
            "/VAADIN/**",

            // the standard favicon URI
            "/favicon.ico",

            // the robots exclusion standard
            "/robots.txt",

            // web application manifest // 
            "/manifest.webmanifest",
            "/sw.js",
            "/offline-page.html",

            // (development mode) static resources // 
            "/frontend/**",

            // (development mode) webjars // 
            "/webjars/**",

            // (production mode) static resources // 
            "/frontend-es5/**", "/frontend-es6/**");
}

我建议您通读整个教程系列,也许您也忽略了其他内容。

推荐阅读