2016-09-19 117 views
0

I am using Spring Security to authenticate users based on their role. Authenticating for /** gives:

Page load failed with error: too many HTTP redirects

error, and the login page is not shown.

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/login*").authenticated()
        .antMatchers("/**").authenticated()
        .and()
        .formLogin().loginPage("/login").failureUrl("/login?error").defaultSuccessUrl("/welcome")
        .usernameParameter("username").passwordParameter("password")
        .and()
        .logout().logoutSuccessUrl("/login?logout").logoutUrl("/login?logout")
        .and()
        .exceptionHandling().accessDeniedPage("/accessDenied")
        .and()
        .csrf();
}

But if I do this:

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/login").authenticated()
        .antMatchers("/").authenticated()
        .and()
        .formLogin().loginPage("/login").failureUrl("/login?error").defaultSuccessUrl("/welcome")
        .usernameParameter("username").passwordParameter("password")
        .and()
        .logout().logoutSuccessUrl("/login?logout").logoutUrl("/login?logout")
        .and()
        .exceptionHandling().accessDeniedPage("/accessDenied")
        .and()
        .csrf();
}

What is wrong with this code for authenticating the /** URL?

Answers

1

Your login page is not accessible to unauthenticated users:

.antMatchers("/login*").authenticated() 

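So Spring Security redirects to your login page, which redirects to your login page, ...

You have to allow unauthenticated users to get your login page, see the Spring Security Reference: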

While the automatically generated log in page is convenient to get up and running quickly, most applications will want to provide their own log in page. To do so we can update our configuration as seen below:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login") // 1
            .permitAll();        // 2
}

1 The updated configuration specifies the location of the log in page.

2 We must grant all users (i.e. unauthenticated users) access to our log in page. The formLogin().permitAll() method allows granting access to all users for all URLs associated with form based log in.

If you remove the wildcards (*), all pages except login and / are accessible to unauthenticated users.
