Spring Security 5 身份验证失败

我正在尝试使用 spring security 5 验证使用。

@Configuration

@ComponentScan(basePackages = { "com.lashes.studio.security" })

@EnableWebSecurity

public class CustomSecurityService extends WebSecurityConfigurerAdapter {

@Autowired

private AuthenticationSuccessHandler myAuthenticationSuccessHandler;

@Autowired

private AuthenticationFailureHandler authenticationFailureHandler;

@Autowired

private LogoutSuccessHandler myLogoutSuccessHandler;

@Autowired

private MyUserDetailsService userDetailsService;

@Autowired

public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

auth.userDetailsService(userDetailsService).passwordEncoder(SecurityUtils.passwordEncoder());

}

@Override

protected void configure(HttpSecurity http) throws Exception {

http.authorizeRequests()

.antMatchers("/", "/mail.js/**", "/font-awesome/**", "/css/**", "/js/**", "/img/**", "/fonts/**",

"/login*", "/login*", "/logout*", "/signin/**", "/signup/**", "/customLogin",

"/user/registration*", "/registrationConfirm*", "/expiredAccount*", "/registration*",

"/badUser*", "/user/resendRegistrationToken*", "/forgetPassword*", "/user/resetPassword*",

"/user/changePassword*", "/adminlogin/**", "/eauthenticationmanagerbuildermailError*",

"/admin/**", "/admin/js/**", "/resources/**", "/old/user/registration*", "/successRegister*")

.permitAll()

}

烙印99

浏览 201回答 1

1回答

青春有我

在您的登录页面中，我没有看到任何csrf token字段。而且我没有http.csrf().disable()在您的安全配置中看到，所以我怀疑 Spring Security 拒绝登录 POST，因为缺少令牌。例如，一个 JSP 可以有标签<input type="hidden"        name="${_csrf.parameterName}"        value="${_csrf.token}"/>https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/csrf.html

随时随地看视频慕课网APP