限制用户直接访问url-spring安全

ctzwtxfj  于 2021-07-05  发布在  Java
关注(0)|答案(1)|浏览(565)

我正在尝试实现Spring Security ,没有错误/异常,但它不起作用,我无法重定向到success页面。我的成功页面是/sucesspage,/verify将根据数据库验证用户详细信息。我想用3个不同的参数来验证用户
安全配置.java

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource(name="AdminDB")
    private DataSource datasource; 

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
        auth.eraseCredentials(false);
    }

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        logger.info("Inside SecurityConfig - configure() - Spring security");
        security
                .authorizeRequests()
                    .antMatchers("/resources/**", "/unsecured/**", "/","/Verify").permitAll()
                    .anyRequest().authenticated()
                .and().formLogin()
                    .loginPage("/").permitAll()
                    .usernameParameter("email")
                    //.passwordParameter("password")
                    .defaultSuccessUrl("/sucessPage/")
                    .successHandler(successhandler())
                    .failureUrl("/")
                .and().logout()
                    .invalidateHttpSession(true).deleteCookies("JSESSIONID")
                    .permitAll()
                .and().exceptionHandling().accessDeniedPage("/systemError.html")
                .and().csrf().disable();
    }

    @Bean
    public CustomAuthenticationSuccessHandler successhandler() {
        return new CustomAuthenticationSuccessHandler();
    }

}

登录页-html:

<form id="form" name="Form" action="#" th:action="@{/verify}" th:object="${Form}" method="post">

                    <div class="50">
                        <label for="first-name" class="label-first-name">First Name*</label>
                        <input type="text" id="firstName" name="first-name" placeholder="Enter First Name" th:field="*{firstName}">
                    </div>
                    <div class="50">
                        <label for="last-name" class="label-last-name">Last Name*</label>
                        <input type="text" id="lastName" name="last-name" placeholder="Enter Last Name" th:field="*{lastName}">
                    </div>
                </div>
                <div class="100">
                    <label for="email-1" class="label-email-address">Email Address*<span class="label-note">This is your login username</span></label>
                    <input type="text" id="email" name="email" placeholder="Enter Email" th:field="*{email}">
                </div>
                <div class="100">
                    <label for="email-2" class="label-email-address">Verify Email Address*</label>
                    <input type="text" id="verifyEmail" name="verifyEmail" placeholder="Re-enter Email" th:field="*{verifyEmail}">
                </div>
                <div class="100">
                    <label for="phone" class="label-phone-number">Phone Number<span class="label-note">(optional)</span></label>
                    <input type="text" id="phoneNumber" name="phoneNumber" placeholder="Enter Phone Number" th:field="*{phoneNumber}">
                </div>
                <input type="submit" id="submitBtn" value="Next">
            </form>

在提交时,它应该验证用户并重定向到/successpage。我只想限制用户直接访问其他网址和其他流将去,因为它是。现在它正在重定向回“/”,没有任何错误。
userdetailsserviceimpl.java

@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private LoginManager loginManager;

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
        UserDetails user = null;
        try {
            user = loginManager.findUserByEmail(userName);
        } catch (LoginException e) {
            throw new UsernameNotFoundException("Username not found: " + e.getMessage());
        }
        return user;
    }

}

loaduserbyusername只接受一个参数。我想通过firstname、lastname、针对db的email和通过spring security重定向到success来验证用户。谢谢

dz6r00yl

dz6r00yl1#

我认为你的securityconfig.java不完整
.formlogin().loginpage(“/”)丢失:

.loginProcessingUrl("/j_spring_security_check")

.defaultSuccessUrl("/sucessPage")

相关问题