I made the /welcome page available to everyone, but when I visit it I am still redirected to the login page.
Web security config:
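import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        UserDetails admin = User.builder().username("admin").password(encoder.encode("admin")).build();
        UserDetails user = User.builder().username("user").password(encoder.encode("user")).build();
        return new InMemoryUserDetailsManager(admin, user);
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // /welcome is public; every other request requires authentication
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/welcome").permitAll()
                .anyRequest().authenticated())
            .formLogin(withDefaults())
            .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}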
Site controller:
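import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class siteController {

    @GetMapping("/welcome")
    public String welcome() {
        return "welcome.html";
    }

    @GetMapping("/admin")
    public String admin() {
        return "admin.html";
    }
}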
Demo application:
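import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}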
I tried making all pages available without authorization, and I was able to reach them without authorization. It looked like this:
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(auth -> auth
            .anyRequest().permitAll())
        .formLogin(withDefaults())
        .csrf(AbstractHttpConfigurer::disable);
    return http.build();
}
But when I write it like this:
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(auth -> auth
            .requestMatchers("/welcome").permitAll()
            .anyRequest().authenticated())
        .formLogin(withDefaults())
        .csrf(AbstractHttpConfigurer::disable);
    return http.build();
}
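I no longer have access to all the pages without authorization.

I tried this guide, and it allows public access to the /welcome route and redirects to the login page for the other routes. Your code looks fine too. Check your code again against that guide.
Below is the code that worked for me.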
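import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/welcome").permitAll()
                .anyRequest().authenticated())
            .formLogin((form) -> form
                .loginPage("/login")
                .permitAll());
            //.csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // withDefaultPasswordEncoder() is deprecated and meant for demos and samples only
        UserDetails user =
            User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}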