我正在尝试使用 Spring Security 对登录页面进行身份验证,但无论我输入什么数据(即使留空)都能通过。
看起来它甚至没有触发 Spring Security 模块。
这个应用程序以前可以正常工作,但当时的包结构不同;在他们重新组织包之后,才开始出现这个问题。
我做的另一个测试是删除 .loginPage("/login") 这行代码,此时访问 http://localhost:8080/login 会返回错误 400。在我看来,如果安全模块被调用了,它至少应该返回错误 500,对吗?
你能帮我吗?
WebSecurityConfig.java
package com.XXX.brxm.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
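/**
 * Form-login security configuration.
 *
 * <p>Static assets are reachable without authentication; every other request requires an
 * authenticated user. Accounts are loaded through {@link ImplementsUserDetailsService} and
 * passwords are checked with BCrypt.
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private ImplementsUserDetailsService userDetailsSevice;

    /**
     * Declares which requests need authentication and configures form login and logout.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("HTTP SECURITY!!!");
        // NOTE(review): CSRF protection is switched off for the whole application, so every
        // state-changing request (including logout) can be triggered cross-site. The login
        // template already uses th:action; confirm whether CSRF can be left enabled.
        http.csrf().disable()
            .authorizeRequests()
                // Ant patterns are matched against the request path, which starts with "/";
                // the original "favicon.ico" (no leading slash) could never match.
                .antMatchers("/css/**", "/js/**", "/img/**", "/favicon.ico")
                    .permitAll()
                // Everything that is not a static asset requires a logged-in user.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                // This matcher carries no HTTP method, so any method on /logout ends the session.
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
    }

    /**
     * Registers the user lookup service and the BCrypt password encoder used to verify
     * submitted credentials.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("Autenticação!!!");
        auth.userDetailsService(userDetailsSevice).passwordEncoder(new BCryptPasswordEncoder());
    }

    /**
     * Lists the static-resource paths that skip the Spring Security filter chain.
     *
     * <p>Paths ignored here are never authenticated or authorized, so the list must stay
     * limited to public static content. The former catch-all {@code "/**"} entry exempted
     * every request, including the login submission, and has been removed.
     *
     * @param web the web security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/materialize/**", "/style/**", "/resources/**", "/favicon.ico");
    }
}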
ImplementsUserDetailsService.java
package com.XXX.brxm.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Repository;
import com.XXX.brxm.login.model.Login;
import com.XXX.brxm.login.repository.LoginRepository;
/**
 * Adapts {@link LoginRepository} to Spring Security's {@link UserDetailsService} contract.
 */
@Repository
public class ImplementsUserDetailsService implements UserDetailsService {

    @Autowired
    private LoginRepository ur;

    /**
     * Looks up the account stored under the given login name.
     *
     * @param login the login name submitted for authentication
     * @return the {@code Login} found by the repository, returned as {@link UserDetails}
     * @throws UsernameNotFoundException if the repository returns {@code null} for the name
     */
    @Override
    public UserDetails loadUserByUsername(String login) throws UsernameNotFoundException {
        final Login account = ur.findByLogin(login);
        if (account != null) {
            return account;
        }
        // An unknown login must fail here; returning null would violate the interface contract.
        throw new UsernameNotFoundException("User not found!");
    }
}
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.3.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.XXX</groupId>
<artifactId>Publisher</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>publisher</name>
<description>Publisher module for XXX</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-batch</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.batch</groupId>
<artifactId>spring-batch-infrastructure</artifactId>
</dependency>
<dependency>
<groupId>com.opencsv</groupId>
<artifactId>opencsv</artifactId>
<version>4.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- NOTE(review): Main.java imports EnableResourceServer from the
     org.springframework.security.oauth2.config package; that annotation presumably comes
     from the OAuth2 starters below (confirm). If the application only needs the form login
     defined in WebSecurityConfig, check whether these OAuth2 dependencies are needed at all. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<!-- The version below is set explicitly, unlike the Spring Boot starters above, which
     declare no version of their own. Keep it aligned with the Boot parent when upgrading. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
<version>2.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.batch</groupId>
<artifactId>spring-batch-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!-- <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId>
</dependency> -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<type>jar</type>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>never</updatePolicy>
</releases>
</pluginRepository>
</pluginRepositories>
<repositories>
<repository>
<id>central</id>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</project>
LoginController.java
package com.XXX.brxm.security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
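/**
 * Serves the login page.
 */
@Controller
public class LoginController {

    /**
     * Renders the {@code login} view.
     *
     * <p>The mapping is limited to GET. The credential POST to {@code /login} is meant to be
     * consumed by Spring Security's form-login filter; if that filter is ever bypassed, the
     * POST is now rejected by this controller instead of silently re-rendering the page.
     *
     * @return the logical view name {@code "login"}
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login() {
        return "login";
    }
}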
login.html
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>XXX</title>
<link href="https://fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap" rel="stylesheet">
<meta charset="UTF-8">
</head>
<body>
<div class="login_main">
<div class="login-page">
<img src="/img/logo_grande_fundo_transparente.png" id="logo_form" />
<div th:fragment="content" class="form">
<center><strong><legend class="form_text_title">Autenticação</legend></strong></center>
<br>
<form name="f" th:action="@{/login}" method="POST"
class="login-form">
<fieldset class="input_form_fieldset border_form">
<legend align="left" class="form_text"> Usuário </legend>
<input type="text" id="username" name="username" />
</fieldset>
<br>
<fieldset class="input_form_fieldset border_form">
<legend align="left" class="form_text"> Senha </legend>
<input type="password" id="password" name="password" />
</fieldset>
<div class="form-actions">
<button type="submit" class="btn border_form">Entrar</button>
</div>
</form>
<div th:if="${param.error}" class="error">Usuário ou Senha Inválidos.</div>
<div th:if="${param.logout}" class="alert alert-success">Sessão Encerrada.</div>
<br>
<center><p>Copyright © XXX 2020.</p></center>
</div>
</div>
</div>
<style>
@media ( min-device-width : 700px) {
.form_text_title{
color: #01143d;
font-weight: 800;
font-size: 20px;
}
.form_text{
color: #35363a;
font-weight: 800;
font-size: 12px;
}
.error{
color: red;
}
.border_form{
border-radius: 4px;
}
.login_main {
margin: 2% 28%;
}
.form-actions {
padding-top: 10%;
}
.input_form_fieldset {
border-color: #35363a;
padding-inline-start: 1%;
padding-inline-end: 1%;
padding-bottom: 0%;
}
#logo_form {
margin-left: 12%;
width: 250px;
padding-bottom: 14%;
}
.login-page {
width: 360px;
padding: 8% 0 0;
margin: auto;
}
.form {
z-index: 1;
background: #43a04700;
max-width: 360px;
margin: 0 auto 100px;
padding: 45px;
text-align: center;
box-shadow: 0 0 20px 0 rgba(0, 0, 0, 0.2), 0 5px 5px 0
rgba(0, 0, 0, 0.24);
}
.form input {
font-family: "Roboto", sans-serif;
outline: 0;
background: #0365a700;
width: 100%;
border: 0;
box-sizing: border-box;
font-size: 14px;
}
::-webkit-input-placeholder {
color: black;
}
.form button {
font-family: "Roboto", sans-serif;
text-transform: uppercase;
outline: 0;
background: #02123e;
width: 100%;
border: 0;
padding: 9px;
color: #FFFFFF;
font-size: 14px;
-webkit-transition: all 0.3 ease;
transition: all 0.3 ease;
cursor: pointer;
}
.form button:hover, .form button:active, .form button:focus {
background: #43A047;
}
.form .message {
margin: 15px 0 0;
color: #b3b3b3;
font-size: 12px;
}
.form .message a {
color: #4CAF50;
text-decoration: none;
}
.form .register-form {
display: none;
}
.container {
position: relative;
z-index: 1;
max-width: 300px;
margin: 0 auto;
}
.container:before, .container:after {
content: "";
display: block;
clear: both;
}
.container .info {
margin: 50px auto;
text-align: center;
}
.container .info h1 {
margin: 0 0 15px;
padding: 0;
font-size: 36px;
font-weight: 300;
color: #1a1a1a;
}
.container .info span {
color: #4d4d4d;
font-size: 12px;
}
.container .info span a {
color: #000000;
text-decoration: none;
}
.container .info span .fa {
color: #EF3B3A;
}
body {
font-family: "Roboto", sans-serif;
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
}
</style>
<script>
// Clicking a link inside an element with class "message" slowly toggles the height and
// opacity of every <form> on the page.
// NOTE(review): the markup shown here has no <script src> that loads jQuery and no
// ".message a" element, so this handler looks like template leftover. Confirm before keeping.
$('.message a').on('click', function () {
  var toggleOptions = {
    height: "toggle",
    opacity: "toggle"
  };
  $('form').animate(toggleOptions, "slow");
});
</script>
</body>
</html>
Main.java
package com.XXX.brxm;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import java.util.Arrays;
import org.springframework.batch.core.Job;
import org.springframework.batch.core.JobParameters;
import org.springframework.batch.core.JobParametersBuilder;
import org.springframework.batch.core.launch.JobLauncher;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.ApplicationContext;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
/**
 * Spring Boot entry point that also launches {@code transmissionJob} on a fixed schedule.
 */
@EnableScheduling
@SpringBootApplication
// NOTE(review): @EnableResourceServer adds an OAuth2 resource-server security configuration
// next to the form login declared in WebSecurityConfig. Confirm it is really needed, because
// the two configurations compete for the same requests.
@EnableResourceServer
public class Main {

    @Autowired
    JobLauncher jobLauncher;

    @Autowired
    Job transmissionJob;

    /**
     * Boots the Spring application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(Main.class, args);
    }

    /**
     * Launches {@code transmissionJob}, triggered by the cron expression below.
     *
     * @throws Exception if the job launcher fails to start the job
     */
    @Scheduled(cron = "0 */1 * * * ?")
    public void perform() throws Exception {
        // The current time in milliseconds is passed as the "JobID" parameter of each launch.
        final String runId = String.valueOf(System.currentTimeMillis());
        final JobParametersBuilder builder = new JobParametersBuilder();
        builder.addString("JobID", runId);
        jobLauncher.run(transmissionJob, builder.toJobParameters());
    }
}
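只需删除 @EnableResourceServer 即可,我看不出你为什么需要它。该注解会注册一条 OAuth2 资源服务器的安全过滤器链,其优先级高于 WebSecurityConfig 中的表单登录配置,因此表单登录的规则不会生效。另外请确认 web.ignoring() 的匹配模式中不包含 "/**",否则所有请求都会绕过 Spring Security 的过滤器链。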