问题描述
在我的Vaadin应用程序中,我想使用Spring Security保护某些页面。登录和注销功能确实可以正常工作,但是我想要的是,当vaadin应用程序启动时,他仍然应该能够访问“注册视图类”。为此,我使用下面的“安全配置”类。
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final String LOGIN_PROCESSING_URL = "/login";
private static final String LOGIN_FAILURE_URL = "/login?error";
private static final String logoUT_SUCCESS_URL = "/login";
/**
* Require login to access internal pages and configure login form.
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// Not using Spring CSRF here to be able to use plain HTML for the login page
http.csrf().disable()
// Register our CustomrequestCache,that saves unauthorized access attempts,so
// the user is redirected after login.
.requestCache().requestCache(new CustomrequestCache())
// Restrict access to our application.
.and().authorizeRequests()
.antMatchers("/","/VAADIN/**","/HEARTBEAT/**","/UIDL/**","/resources/**","/registration","registration","/login/**","/manifest.json","/icons/**","/images/**",// (development mode) static resources
"/frontend/**",// (production mode) static resources
"/frontend-es5/**","/frontend-es6/**").anonymous()
// Allow all flow internal requests.
.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
// Allow all requests by logged in users.
.anyRequest().authenticated()
// Configure the login page.
.and().formLogin().loginPage(LOGIN_PROCESSING_URL).permitAll().loginProcessingUrl(LOGIN_PROCESSING_URL)
.failureUrl(LOGIN_FAILURE_URL)
// Configure logout
.and().logout().logoutSuccessUrl(logoUT_SUCCESS_URL);
}
我的RegistrationView类如下所示
@Route(value = "registration",layout = MainView.class)
@Routealias(value = "registration",layout = MainView.class)
@CssImport("./styles/views/login/registration.css")
public class Registration extends Div {
private static final long serialVersionUID = -1223086666624645746L;
private TextField username;
private TextField email;
private PasswordField password;
private PasswordField password2;
private Button userRegistrationSubmitButton;
使用当前架构,无论执行什么操作,只要启动应用程序,我都会立即重定向到登录页面。我该如何解决?预先感谢。.
解决方法
这并非完全相同,但答案与https://stackoverflow.com/a/57557321/2376954相同。
其核心是您不能使用Spring Security使用的基于路径的检查来保护作为单页应用程序加载的Vaadin视图。
,对于你们中的那些人,将来会来这里的。别担心,我回来了。我找到了解决办法(大声笑)。基本上,无论使用哪种vaadin和Spring安全应用程序,都将了解,除了这些安全配置和自定义请求缓存类之外,您还将根据您所遵循的教程拥有ConfigureUIServerInitListener类。这里有一个小技巧,我们可以使用身份验证检查来限制访问。因此,如果您还没有,请添加以下课程。
@Component
public class ConfigureUIServiceInitListener implements VaadinServiceInitListener {
/**
*
*/
private static final long serialVersionUID = 1L;
@Override
public void serviceInit(ServiceInitEvent event) {
event.getSource().addUIInitListener(uiEvent -> {
final UI ui = uiEvent.getUI();
ui.addBeforeEnterListener(this::beforeEnter);
});
}
/**
* Reroutes the user if (s)he is not authorized to access the view.
*
* @param event
* before navigation event with event details
*/
private void beforeEnter(BeforeEnterEvent event) {
if (AboutView.class.equals(event.getNavigationTarget())
&& !SecurityUtils.isUserLoggedIn()) {
event.rerouteTo(Login.class);
}
}
}
从之前的Enter方法可以看出,我希望AboutView类受spring安全性的保护。然后我做相应的检查。基于此,您可以添加其他视图类。这样一来,您无需登录即可访问某些视图。