How to fix the redirect to the login page (Spring Security)

Question  Votes: 0  Answers: 1

I made the /welcome page available to everyone, but when I visit it, I am still redirected to the login page.

Web security configuration:

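import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        UserDetails admin = User.builder().username("admin").password(encoder.encode("admin")).build();
        UserDetails user = User.builder().username("user").password(encoder.encode("user")).build();
        return new InMemoryUserDetailsManager(admin, user);
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // /welcome is open to everyone; every other request requires authentication
        http.authorizeHttpRequests(auth -> auth
                        .requestMatchers("/welcome").permitAll()
                        .anyRequest().authenticated())
                .formLogin(withDefaults())
                // CSRF protection is switched off in this configuration
                .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}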

Site controller:

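import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class siteController {
    // Each handler returns a view name that Spring MVC resolves and renders
    @GetMapping("/welcome")
    public String welcome() {
        return "welcome.html";
    }

    @GetMapping("/admin")
    public String admin() {
        return "admin.html";
    }
}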

Demo application:

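import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

}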

I tried making all pages available without authorization, and I was able to access them without authorization. It looked like this:

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // every request is permitted, authenticated or not
        http.authorizeHttpRequests(auth -> auth
                        .anyRequest().permitAll())
                .formLogin(withDefaults())
                .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

But when I write it like this:

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                        .requestMatchers("/welcome").permitAll()
                        .anyRequest().authenticated())
                .formLogin(withDefaults())
                .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

I can no longer access all the pages without authorization.

java spring-boot spring-security
1 answer
0 votes

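I tried this guide, and it allows public access to the /welcome route and redirects to the login page for other routes. Your code also looks fine. Check your code again against that guide.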

Below is the code that worked for me.

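import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // "/" and "/welcome" are public; every other request requires authentication
        http.authorizeHttpRequests(auth -> auth
                        .requestMatchers("/","/welcome").permitAll()
                        .anyRequest().authenticated())
                // custom login page at /login, reachable by everyone;
                // the application has to serve a view for this path
                .formLogin((form) -> form
                        .loginPage("/login")
                        .permitAll());
                //.csrf(AbstractHttpConfigurer::disable);

        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // withDefaultPasswordEncoder() is deprecated and meant for demos only
        UserDetails user =
                User.withDefaultPasswordEncoder()
                        .username("user")
                        .password("password")
                        .roles("USER")
                        .build();

        return new InMemoryUserDetailsManager(user);
    }
}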
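
An added example, not part of the question or the answer: a replacement for the filter-chain bean that keeps the question's rules for /welcome but also permits FORWARD and ERROR dispatches. It assumes Spring Security 6, where authorization rules are applied to every dispatcher type, and assumes the login redirect is triggered by the internal forward to the view "welcome.html" (or by an error dispatch to /error) rather than by the request to /welcome itself. The class name ForwardAwareSecurityConfig is hypothetical.

```java
import jakarta.servlet.DispatcherType;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebSecurity
public class ForwardAwareSecurityConfig { // hypothetical name, replaces the chain in WebSecurityConfig

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                        // Assumption: the controller's view is rendered through an internal
                        // forward (for example to /welcome.html), or view resolution fails and
                        // the container dispatches to /error. In Spring Security 6 those
                        // dispatches are authorized again, so without this rule they fall
                        // through to anyRequest().authenticated() and end at the login page.
                        .dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()
                        // Rules are evaluated in order and the first match decides,
                        // so the public path has to come before anyRequest().
                        .requestMatchers("/welcome").permitAll()
                        // /admin and everything else still require a login
                        .anyRequest().authenticated())
                // generated default login form at /login
                .formLogin(withDefaults());
        // CSRF protection is left at its default (enabled); the form-login page
        // generated by Spring Security includes the token automatically.
        return http.build();
    }
}
```

Setting logging.level.org.springframework.security=TRACE in application.properties makes Spring Security log each request it processes and the decision it takes, which confirms or rules out the assumption above.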