每当我尝试登录我的应用程序时,它都会使用我的invalidLogin控制器。我有一种感觉,问题出在我的LoginConfig上,但我不确定他的问题是什么。我的LoginConfig:
@EnableWebSecurity
@Configuration
public class LoginConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.requiresChannel ()
.anyRequest()
.requiresSecure()
.and().formLogin().loginPage("/login-page").loginProcessingUrl("/login")
.defaultSuccessUrl("/login-pass",true).failureUrl("/login-fail").permitAll()
.and().logout().invalidateHttpSession(true).logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login-page")
.permitAll()
.and().authorizeRequests().anyRequest().authenticated();
}
@Autowired
private UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
BCryptPasswordEncoder pe = new BCryptPasswordEncoder();
auth.userDetailsService(userDetailsService).passwordEncoder(pe);
}
}
这是我的登录控制器:
@Controller
public class LoginController {
@Autowired UserLoginRepository userRepo;
@RequestMapping(value="/login-page", method=RequestMethod.GET)
public String loginForm() {
System.out.println("welcome to log in page");
return "security/login-form";
}
@RequestMapping(value="/login-fail", method=RequestMethod.GET)
public String invalidLogin(Model model) {
model.addAttribute("error", true);
System.out.println("failed LOGIN");
return "security/login-form";
}
@RequestMapping(value="/login-pass", method=RequestMethod.GET)
public String successLogin() {
System.out.println("success");
return "deck-page";
}
}
最后我的登录表单jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Login page</title>
<style>
.error {
color: red;
}
</style>
</head>
<body>
<h1>Login page</h1>
<p>
<c:if test="${error == true}">
<b class="error">Invalid login or password.</b>
</c:if>
<c:if test="${logout == true}">
<b class="logout">You have been logged out.</b>
</c:if>
</p>
<form action="/login" method="post">
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
</p>
<p>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
</p>
<input type="hidden"
name="${_csrf.parameterName}"
value="${_csrf.token}"/>
<button type="submit" class="btn">Log in</button>
</form>
</body>
</html>
所以我知道控制器可以作为失败的登录工作。在运行中,我有以下代码来设置用户:
BCryptPasswordEncoder pe = new BCryptPasswordEncoder();
Users user = new Users();
user.setLogin("joe");
user.setPassword(pe.encode("123456"));
userRepo.save(user);
Furthermore, checking my SQL I can see that it stores the the username and password
我通过创建一个链接我的Users类的类来修复它,以便它可以正确比较。
@Service
public class TopTrumpUserDetailsServices implements UserDetailsService {
@Autowired
private UserLoginRepository userRepo;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
TopTrumpUser u = userRepo.findByUsername(username);
List<GrantedAuthority> authorities = new ArrayList<>();
return new User(u.getUsername(), u.getPassword(), authorities);
}
}