Spring Security 5 身份验证失败
我正在尝试使用 spring security 5 验证使用。
@Configuration
@ComponentScan(basePackages = { "com.lashes.studio.security" })
@EnableWebSecurity
public class CustomSecurityService extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
@Autowired
private AuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private LogoutSuccessHandler myLogoutSuccessHandler;
@Autowired
private MyUserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(SecurityUtils.passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/mail.js/**", "/font-awesome/**", "/css/**", "/js/**", "/img/**", "/fonts/**",
"/login*", "/login*", "/logout*", "/signin/**", "/signup/**", "/customLogin",
"/user/registration*", "/registrationConfirm*", "/expiredAccount*", "/registration*",
"/badUser*", "/user/resendRegistrationToken*", "/forgetPassword*", "/user/resetPassword*",
"/user/changePassword*", "/adminlogin/**", "/eauthenticationmanagerbuildermailError*",
"/admin/**", "/admin/js/**", "/resources/**", "/old/user/registration*", "/successRegister*")
.permitAll()
}
烙印991回答
-
青春有我
在您的登录页面中,我没有看到任何csrf token字段。而且我没有http.csrf().disable()在您的安全配置中看到,所以我怀疑 Spring Security 拒绝登录 POST,因为缺少令牌。例如,一个 JSP 可以有标签<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/csrf.html
随时随地看视频慕课网APP
相关分类
Java