我有MasterSecurity配置,这是管理登录的主人。和AdminSecurity配置,管理登录。
当我注解掉一个时,另一个可以工作。但是当我尝试同时使用两个时,主登录显示
不允许PostMapping
package Spring.LoginRegister.Config;
import Spring.LoginRegister.Entity.RolesConstant;
import Spring.LoginRegister.Repository.AdminRepository;
import Spring.LoginRegister.Service.CustomAdminDetailsService;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@AllArgsConstructor
@Order(1)
public class AdminSecurityConfig {
private final AdminRepository adminRepository;
@Bean
public UserDetailsService userDetailsService1(){
return new CustomAdminDetailsService(adminRepository);
}
@Bean
public BCryptPasswordEncoder passwordEncoder1(){
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider1(){
DaoAuthenticationProvider authProvider= new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService1());
authProvider.setPasswordEncoder(passwordEncoder1());
return authProvider;
}
@Bean
public SecurityFilterChain AdminsecurityFilterChain(HttpSecurity http) throws Exception {
http
.authenticationProvider(authenticationProvider1());
http
.csrf().disable()
.authorizeHttpRequests((request) -> request
.requestMatchers("/AdminDashBoard/**").authenticated()
.requestMatchers("/admin/login").hasRole(RolesConstant.ROLE_ADMIN.toString() )
.anyRequest().permitAll()
)
.formLogin((form) ->form
.loginPage("/admin/login")
.defaultSuccessUrl("/AdminDashBoard", true)
.permitAll()
)
.logout(form -> form
.logoutUrl("/logout")
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutSuccessUrl("/")
);
return http.build();
}
}我的问题是,当一个从应用程序中删除时,它们都可以单独工作。当我尝试将两者合并时,只有管理配置工作正常。
Method 'POST' is not supported.
org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' is not supported
at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.handleNoMatch(RequestMappingInfoHandlerMapping.java:265)
at org.springframework.web.servlet.handler.AbstractHandlerMethodMapping.lookupHandlerMethod(AbstractHandlerMethodMapping.java:441)
at org.springframework.web.servlet.handler.AbstractHandlerMethodMapping.getHandlerInternal(AbstractHandlerMethodMapping.java:382)
at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.getHandlerInternal(RequestMappingInfoHandlerMapping.java:126)
at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.getHandlerInternal(RequestMappingInfoHandlerMapping.java:68)
at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:504)
at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1274)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1056)这是我的第二个配置:
package Spring.LoginRegister.Config;
import Spring.LoginRegister.Repository.MasterRepository;
import Spring.LoginRegister.Service.CustomAdminDetailsService;
import Spring.LoginRegister.Service.CustomMasterDetails;
import Spring.LoginRegister.Service.CustomMasterDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@Order(2)
public class MASTERSecurityConfig {
private MasterRepository masterRepository;
@Bean
public UserDetailsService userDetailsService2(){
return new CustomMasterDetailsService(masterRepository);
}
@Bean
@Primary
public BCryptPasswordEncoder passwordEncoder2(){
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider2(){
DaoAuthenticationProvider authProvider2= new DaoAuthenticationProvider();
authProvider2.setUserDetailsService(userDetailsService2());
authProvider2.setPasswordEncoder(passwordEncoder2());
return authProvider2;
}
@Bean
public SecurityFilterChain MastersecurityFilterChain(HttpSecurity http) throws Exception {
http
.authenticationProvider(authenticationProvider2());
http
.csrf().disable()
.authorizeHttpRequests((request) ->request
.requestMatchers("/master/home/**").authenticated()
.requestMatchers("/master/login")
.hasRole(RolesConstant.ROLE_HOUSEMASTER.toString())
.anyRequest().permitAll()
)
.formLogin((form) ->form
.loginPage("/master/login")
.defaultSuccessUrl("/master/home", true)
.permitAll())
.logout(form -> form
.logoutUrl("/logout")
.invalidateHttpSession(true)
.logoutSuccessUrl("/")
.permitAll()
);
return http.build();
}
}我试过StackOverflow之前的答案。
1条答案
按热度按时间w8ntj3qf1#
不要创建单独的Config类。只需创建多个安全过滤器链并对它们进行相应的排序。此外,您必须防止创建相对组件的Bean,因为Bean是全局的,它们将相互矛盾。