2016-09-19

I am using Spring Security to authenticate users based on role. I am not able to authenticate for /**; it gives:

Page load failed with error: too many HTTP redirects

error, and the login page is not shown.

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/login*").authenticated()
        .antMatchers("/**").authenticated()
        .and()
        .formLogin().loginPage("/login").failureUrl("/login?error").defaultSuccessUrl("/welcome")
        .usernameParameter("username").passwordParameter("password")
        .and()
        .logout().logoutSuccessUrl("/login?logout").logoutUrl("/login?logout")
        .and()
        .exceptionHandling().accessDeniedPage("/accessDenied")
        .and()
        .csrf();
}

But if I do this:

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/login").authenticated()
        .antMatchers("/").authenticated()
        .and()
        .formLogin().loginPage("/login").failureUrl("/login?error").defaultSuccessUrl("/welcome")
        .usernameParameter("username").passwordParameter("password")
        .and()
        .logout().logoutSuccessUrl("/login?logout").logoutUrl("/login?logout")
        .and()
        .exceptionHandling().accessDeniedPage("/accessDenied")
        .and()
        .csrf();
}

What is wrong with this code for authenticating the /** URL?

Answer

Your login page is not accessible to unauthenticated users:

.antMatchers("/login*").authenticated() 

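So Spring Security redirects to your login page, which redirects to your login page, ...

You have to allow unauthenticated users to access your login page; see the Spring Security Reference: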

While the automatically generated log in page is convenient to get up and running quickly, most applications will want to provide their own log in page. To do so we can update our configuration as seen below:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login") // 1
            .permitAll();        // 2
}

1 The updated configuration specifies the location of the log in page.

2 We must grant all users (i.e. unauthenticated users) access to our log in page. The formLogin().permitAll() method allows granting access to all users for all URLs associated with form based log in.

If you remove the wildcards (*), all pages are accessible to unauthenticated users, except login and /.
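The fix applied to the question's own configuration, as an added example that is not part of the original answer: the login page is permitted for everyone and every other URL still requires authentication, unlike the question's second configuration, which leaves every URL other than /login and / open to unauthenticated users. The class name SecurityConfig and the use of the default /logout URL are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example (not the asker's or the reference's code). Uses the same
// WebSecurityConfigurerAdapter / antMatchers API as the snippets on this page.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Rules are checked in order and the first match wins, so the
                // login page is permitted BEFORE the catch-all rule. With
                // authenticated() here, an anonymous request to /login is
                // redirected to /login again: the "too many redirects" loop.
                .antMatchers("/login*").permitAll()
                // Fail closed: anything not explicitly permitted needs a login.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .defaultSuccessUrl("/welcome")
                .usernameParameter("username")
                .passwordParameter("password")
                // Grants everyone access to the URLs tied to form login
                // (login page, login processing URL, failure URL).
                .permitAll()
                .and()
            .logout()
                // Assumption: logoutUrl stays at its default (/logout); only
                // the post-logout redirect from the question is kept.
                .logoutSuccessUrl("/login?logout")
                .permitAll()
                .and()
            .exceptionHandling()
                // Shown to authenticated users who lack the required role.
                .accessDeniedPage("/accessDenied");
        // CSRF protection is enabled by default, so no explicit .csrf() call.
    }
}
```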
