
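After converting the Spring Security XML configuration to javaconfig, the home page automatically redirects to /login.htm?logout. The home page does not come up. In addition, login attempts fail.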

Working XML configuration:

<http pattern="/resources" security="none" />

<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">

    <!-- Configure these elements to secure URIs in your application -->
    <intercept-url pattern="/admin.htm" access="hasRole('ROLE_ADMIN')" />

    <intercept-url pattern="/personal/myPhotos.htm"
        access="hasAnyRole('ROLE_USER', 'ROLE_FAMILY', 'ROLE_ADMIN')" />

    <intercept-url pattern="/personal/familyPhotos.htm"
        access="hasAnyRole('ROLE_FAMILY', 'ROLE_ADMIN')" />

    <form-login login-processing-url="/j_spring_security_check"
        login-page="/login.htm" authentication-failure-url="/login.htm?login_error=t" />

    <logout logout-success-url="/" />

    <remember-me key="myAppKey" token-validity-seconds="864000" />

    <access-denied-handler error-page="/denied" />

</http>

<beans:bean id="encoder"
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<authentication-manager>
    <authentication-provider user-service-ref="customUserDetailsService">
        <password-encoder ref="encoder" />
    </authentication-provider>
</authentication-manager>

Non-working javaconfig:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private UserDetailsService userDetailsService;

@Override
protected void configure(AuthenticationManagerBuilder registry)
        throws Exception {
    registry.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}

@Override
public void configure(WebSecurity webSecurity) throws Exception {
    webSecurity.ignoring().antMatchers("/resources");
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.csrf().disable()
        .authorizeRequests()
            .antMatchers("/**").permitAll()
            .antMatchers("/admin.htm")
            .hasAuthority("ROLE_ADMIN")
            .antMatchers("/personal/myPhotos.htm")
            .hasAnyAuthority("ROLE_USER", "ROLE_FAMILY", "ROLE_ADMIN")
            .antMatchers("/personal/familyPhotos.htm")
            .hasAnyAuthority("ROLE_FAMILY", "ROLE_ADMIN")
            .anyRequest().authenticated()
        .and()
            .formLogin()
            .loginPage("/login.htm")
            .loginProcessingUrl("/j_spring_security_check")
            .failureUrl("/login.htm?login_error=t")
            .permitAll()
        .and()
            .logout().logoutUrl("/")
        .and()
            .rememberMe().key("myAppKey").tokenValiditySeconds(864000);
}
}

1 Answer


Re-edit:

Based on the comments provided, I can see that the problem lies in the following code of yours:

.and()
    .logout().logoutUrl("/")

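With that code in place, it means that every time you visit the home/index page, it returns http:///login?logout, as described in your question.

I will assume that you want to redirect to the home/index page, so I present you with this fix: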

.and()
    .logout()
    .logoutSuccessUrl("/");

If this doesn't work, please let me know and I will help you further; otherwise, accepting my answer would be much appreciated :).

Answered 2014-05-07T02:56:20.430
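
A fuller Java equivalent of the working XML above, given here as an added example that is not part of the original question or answer. It applies the `logoutSuccessUrl` fix, orders the authorization rules so the role checks are actually reached, and restores the `/denied` page. It assumes the login form still posts the fields `j_username` and `j_password` (the page does not show the form).

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources"); // <http pattern="/resources" security="none" />
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable() // kept from the question's config
            .authorizeRequests()
                // Rules are checked in order and the first match wins: a leading "/**" permitAll would shadow these.
                .antMatchers("/admin.htm").hasAuthority("ROLE_ADMIN")
                .antMatchers("/personal/myPhotos.htm").hasAnyAuthority("ROLE_USER", "ROLE_FAMILY", "ROLE_ADMIN")
                .antMatchers("/personal/familyPhotos.htm").hasAnyAuthority("ROLE_FAMILY", "ROLE_ADMIN")
                .anyRequest().permitAll() // the XML restricts only the three URLs above
            .and().formLogin()
                .loginPage("/login.htm")
                .loginProcessingUrl("/j_spring_security_check")
                .failureUrl("/login.htm?login_error=t")
                .usernameParameter("j_username") // assumption: form uses the old XML-namespace field names;
                .passwordParameter("j_password") // Java config otherwise expects "username" / "password"
                .permitAll()
            .and().logout().logoutSuccessUrl("/") // <logout logout-success-url="/" />
            .and().rememberMe().key("myAppKey").tokenValiditySeconds(864000)
            .and().exceptionHandling().accessDeniedPage("/denied"); // <access-denied-handler error-page="/denied" />
    }
}
```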