spring - Spring boot 安全登录总是运行错误,没有描述
问题描述
哎哟!
我有一个小问题,我已经苦苦挣扎了将近 3 天。我查找了几乎所有与这个问题和答案相关的 stackoverflow 答案,但没有一个能帮助我解决这个问题。
我正在尝试使用 MySQL 和 Thymeleaf 使用 Spring Boot Security 创建登录注册 Web 应用程序。
到目前为止,我的注册工作非常顺利。我的登录部分有问题。我已经在我的UserServiceImpl中测试了输入,并且我的输入中没有空格,所以我认为我的输入是可以的。
我在尝试登录时总是遇到错误。“/login?error=true”
下面你可以看到我的项目结构。
我的安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider auth = new DaoAuthenticationProvider();
auth.setUserDetailsService(userService);
auth.setPasswordEncoder(passwordEncoder());
return auth;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/favicon.ico", "/resources/**", "/error", "/static/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(
"/signup",
"/kereses",
"/szallas",
"/index",
"/",
"/js/**",
"/bootstrap/**",
"/fonts/**",
"/css/**",
"/img/**",
"/static/**",
"/resources/**").permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable().formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.defaultSuccessUrl("/index", true)
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
}
这是 UserServiceImpl:
@Service
public class UserServiceImpl implements UserService{
private UserRepository userRepository;
@Autowired
private BCryptPasswordEncoder passwordEncoder;
public UserServiceImpl(UserRepository userRepository) {
super();
this.userRepository = userRepository;
}
@Override
public User save(UserRegistrationDto registrationDto) {
User user = new User(registrationDto.getKeresztnev(),
registrationDto.getVezeteknev(), registrationDto.getEmail(),
passwordEncoder.encode(registrationDto.getJelszo()), Arrays.asList(new Role("ROLE_USER")));
return userRepository.save(user);
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByEmail(username);
if(user == null) {
throw new UsernameNotFoundException("Helytelen felhasználónév vagy jelszó.");
}
return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getJelszo(), mapRolesToAuthorities(user.getRoles()));
}
private Collection<? extends GrantedAuthority> mapRolesToAuthorities(Collection<Role> roles){
return roles.stream().map(role -> new SimpleGrantedAuthority(role.getName())).collect(Collectors.toList());
}
}
这是我的 login.html:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<title>SmartHotel.com</title>
<meta name="description" content="Az elérhető árú hotelek és szállások helye. Foglalj most!">
<link rel="stylesheet" href="/bootstrap/css/bootstrap.min.css" type="text/css" crossorigin="anonymous">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic" crossorigin="anonymous">
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap" rel="stylesheet" crossorigin="anonymous">
<link rel="stylesheet" href="/fonts/font-awesome.min.css" crossorigin="anonymous">
<link rel="stylesheet" href="/fonts/simple-line-icons.min.css" type="text/css" crossorigin="anonymous">
<link rel="stylesheet" href="/css/styles.min.css" type="text/css" crossorigin="anonymous">
<link rel="stylesheet" href="/css/login.css" type="text/css" crossorigin="anonymous">
</head>
<body>
<nav class="navbar navbar-light navbar-expand bg-light navigation-clean">
<div class="container"><a th:href="@{/}" class="navbar-brand">SmartHotel.com</a><button data-toggle="collapse" class="navbar-toggler" data-target="#navcol-1"></button>
<div class="collapse navbar-collapse" id="navcol-1"><a class="btn btn-primary ml-auto" role="button" th:href="@{signup}">Regisztráció</a></div>
</div>
</nav>
<div class="text-center h-100" style="background-color: white; background-size: cover;">
<div class="container">
<div class="text-center m-auto">
<!--LOGIN FORM TODO meghatarozni az actiont-->
<form th:action="@{/login}" method="post">
<h1 class="">Bejelentkezés</h1>
<div>
<!-- logout message -->
<div th:if="${param.logout}">
<div class="">Sikeresen kijelentkezés.</div>
</div>
<label for ="username" class="sr-only"> Email</label>
<input type="text" class = "form-control" id ="username" name = "username" placeholder="Email" autofocus="autofocus">
<label for="jelszo" class="sr-only">Jelszó</label>
<input type="password" id="jelszo" name="jelszo" class="form-control" placeholder="Jelszó" autocomplete="on" />
<input type="submit" name="login-submit" id="login-submit" value="Bejelentkezés" />
<span>Nincs még fiókja?<a th:href="@{/signup}">Regisztráció</a></span>
<p class="mt-5 mb-3 text-muted">© 2020</p>
</div>
</form>
</div>
</div>
</div>
</body>
</html>
在我的控制器中,我只有这个关于登录的代码,因为据我所知,我的身份验证是登录后的请求。
@GetMapping("/login")
public String login() {
return "login";
}
提前感谢任何帮助!
解决方案
你应该移动这条线
.anyRequest().authenticated()
要在该行之后:
.logout()
因为下面的行将匹配所有请求并要求身份验证
.anyRequest().authenticated()