我的项目“/ register”和“/ login”中只有2个页面。 login.jsp页面来自默认的spring安全登录。 register.jsp是由我创建的。Spring Security - 简单用户注册(不是xml配置)
我春天的安全配置:
package com.cihangirmercan.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("cihangir").password("mercan")
.roles("USER"); // the only user at the beginning
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login", "/register").permitAll() // anonym can login or register
.antMatchers("/").access("hasRole('USER')") // home page is not allowed if not user is logged in
.and().formLogin();
http.csrf().disable();
}
}
所以,在开始的时候,只有一个用户ID:“吉汉吉尔”,并通过“梅尔坎”可以通过过滤器和登录。我想要的是使用用户名和密码注册后,我希望这个新的注册拥有ROLE_USER并且可以在那之后登录。
RegisterController:
package com.cihangirmercan.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes;
@Controller
@SessionAttributes("registerWarning")
public class RegisterController {
@RequestMapping(value = "/register", method = RequestMethod.GET)
public String showRegisterPage(ModelMap model) {
return "register";
}
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String handleRegisterRequest(ModelMap model,
@RequestParam String username,
@RequestParam String password) {
// i want to give this username and password ROLE_USER
// hence user can login with spring security
// done
return "redirect:/login";
}
}
register.jsp:
<html>
<head>
<title>Register</title>
</head>
<body>
<h1>Register</h1>
<form action="/register" method="post" >
<label>Username:</label>
<input type="text" name="username" required><br><br>
<label>Password:</label>
<input type="password" name="password"><br><br>
<input type="submit" value="Register">
</form>
</body>
</html>
WelcomeController:(欢迎页)
package com.cihangirmercan.controller;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
public class WelcomeController {
@RequestMapping(value = "/", method = RequestMethod.GET)
public String showWelcomePage(ModelMap model) {
model.put("username", getLoggedInUserName());
return "welcome";
}
private String getLoggedInUserName() {
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
if (principal instanceof UserDetails)
return ((UserDetails) principal).getUsername();
return principal.toString();
}
}
的welcome.jsp:
<html>
<head>
<title>Home</title>
</head>
<body>
<h2>Home Page</h2>
<br>
<h4>${username} is at home.</h4>
</body>
</html>
此外,web.xml和调度,servlet和pom.xml中他们是我的一切。
可能的复制 - http://stackoverflow.com/questions/32244745/how-to-adding-new-user-to-spring-security-in-runtime – farrellmr