spring - 如何通过@RestController中的身份验证方法从登录表单重定向到@Controller中的html文件?
问题描述
这是登录表格
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login Customer</title>
</head>
<body>
<div class="container">
<form class="form-signin" method="POST" action="/api/v1/auth/login">
<h2 class="form-signin-heading">Login</h2>
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username" class="form-control" placeholder="Username" required>
</p>
<p>
<label for="password">Password</label>
<input type="password" id="password" name="password" class="form-control" placeholder="Password" required>
</p>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</div>
</body>
</html>
当用户提交登录表单时,它会将数据发送到@RestController 中的身份验证方法。
@RestController
@RequestMapping("/api/v1/auth")
public class AuthenticationRestControllerV1 {
private final AuthenticationManager authenticationManager;
private final UserRepository userRepository;
private final JwtTokenProvider jwtTokenProvider;
public AuthenticationRestControllerV1(AuthenticationManager authenticationManager, UserRepository userRepository, JwtTokenProvider jwtTokenProvider) {
this.authenticationManager = authenticationManager;
this.userRepository = userRepository;
this.jwtTokenProvider = jwtTokenProvider;
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public @ResponseBody ResponseEntity<?> authenticate(@RequestParam(name="username") String username, @RequestParam(name = "password") String password, HttpServletResponse response){
try {
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
User user = userRepository.findByEmail(username).orElseThrow(() -> new UsernameNotFoundException("User doesn`t exist"));
String token = jwtTokenProvider.createToken(username, user.getRole().name());
Cookie cookie = new Cookie("Authorization", token);
cookie.setPath("/");
cookie.setHttpOnly(true);
response.addCookie(cookie);
return new ResponseEntity<>(new JwtResponse(username, token),HttpStatus.OK);
}catch (AuthenticationException exception){
return new ResponseEntity<>("Invalid email/password combination", HttpStatus.FORBIDDEN);
}
}
...
}
在 SecurityConfig 类方法中,configure 有 successForwardUrl("/auth/success") 必须将我重定向到成功页面,但事实并非如此。我还尝试了 defaultSuccessUrl("/auth/success") 和 successHandler(successHandler)。它根本不起作用,所以它让我保持身份验证方法
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final JwtConfigurer jwtConfigurer;
private final JwtAuthenticationSuccessHandler successHandler;
public SecurityConfig(JwtConfigurer jwtConfigurer, JwtAuthenticationSuccessHandler successHandler) {
this.jwtConfigurer = jwtConfigurer;
this.successHandler = successHandler;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/v1/auth/login").permitAll()
.antMatchers("/auth/login").permitAll()
.anyRequest().authenticated().and().apply(jwtConfigurer)
.and().formLogin().loginPage("/auth/login").permitAll().successForwardUrl("/auth/success");
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception{
return super.authenticationManagerBean();
}
@Bean
protected PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder(12);
}
}
这是我用来获取登录页面和成功页面的@Controller
@Controller
@RequestMapping("/auth")
public class AuthController {
@GetMapping("/login")
public String getLoginPage(){
return "login";
}
@GetMapping("/success")
public String getSuccessPage(){
return "success";
}
}
解决方案
推荐阅读
- rust - 我可以从函数中自动返回 Ok(()) 或 None 吗?
- android - react native 项目中 app.js 文件中所做的更改未反映
- c# - 如何在c#中将方法作为参数传递
- c# - 一次性错误 - 通信对象无法用于通信,因为它已被中止
- javascript - Javascript - 关闭模态后关注元素
- google-chrome-extension - 循环读取带有 Chrome 扩展的 HTML 页面的内容
- c# - 为自己开发的扩展获取正确的 VS2017 实例
- android - RxJava2 与 Room 错误处理 - 数据库主线程异常
- search - Solr 中 IndexSearcher 的生命周期
- reactjs - 按下 Escape 键后的 event.stopPropagation() 从 react-select 的 v2 中移除