我正在为 Spring Security 实现一个自定义的 AngularJS 登录页面,但在身份验证上遇到了问题.
我正在关注本教程/示例,他们的示例在本地工作正常:https://github.com/dsyer/spring-security-angular/tree/master/single
但是,当我尝试实现这个我自己,我无法验证,我不知道我的错误在哪里.
使用凭据向 login 发送 POST 请求(curl 命令与示例相同)时,我收到 302 Found,并被重定向到 GET /login/,而后者返回 404 Not Found.
当我尝试 POST /login 时,Spring 不会生成任何调试日志,所以我不知道这个 302 是如何产生的.
我的代码可以在这里找到:https://github.com/AndrewBell/spring-angular-starter/tree/master
显著的变化(最有可能是我的问题的根源):
>文件结构更改
>严格使用Angular(没有jQuery) – 这导致了POST请求所需的不同功能
>使用bower而不是wro4j
>Angular 代码风格/作用域划分
许多相关的 Spring Security 问题表明 POST 请求的格式不正确,但是在我看来我的请求与示例相同(至少从 Chrome 开发者控制台复制出来的 curl 命令是一样的).其他人建议实现自定义的认证提供者(authentication provider),但在该示例中并不需要,所以我对我的代码和示例之间的区别感到困惑.Stack Exchange,帮帮我,你是我唯一的希望.
开发工具:imgurDOTcom / a / B2KmV
相关代码:
login.js
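'use strict';

/**
 * LoginCtrl: drives the custom login view.
 *
 * On creation it asks the backend who the current user is (GET user) and
 * mirrors the answer into $rootScope.authenticated. It exposes
 * $scope.login() and $scope.logout(), which POST to the 'login' and
 * 'logout' endpoints and then update that flag.
 *
 * CSRF: AngularJS's $http copies the value of an XSRF-TOKEN cookie into an
 * X-XSRF-TOKEN request header by default. The POSTs below rely on that, so
 * the cookie has to have been issued by an earlier response (the initial
 * GET user is presumably what obtains it -- confirm against the server).
 */
angular
  .module('webApp')
  .controller('LoginCtrl', ['$rootScope', '$scope', '$http', '$location', '$route',
    function($rootScope, $scope, $http, $location, $route) {

      console.log("LoginCtrl created.");

      var vm = this;

      // Bound to the form fields of the login view.
      vm.credentials = {
        username: "",
        password: ""
      };

      //vm.login = login;

      // True when the given controller name is the one of the active route.
      $scope.tab = function(route) {
        return $route.current && route === $route.current.controller;
      };

      /**
       * Queries GET user and sets $rootScope.authenticated from the reply.
       * A reply carrying a `name` counts as authenticated; anything else,
       * including a transport error, counts as anonymous.
       *
       * @param {Function=} callback invoked once the flag has been updated
       */
      var authenticate = function(callback) {
        $http.get('user').success(function(data) {
          // NOTE(review): this writes the whole /user reply to the browser
          // console; drop or trim it outside of debugging.
          console.log("/user success: " + JSON.stringify(data));
          if (data.name) {
            console.log("And Authenticated!");
            $rootScope.authenticated = true;
          } else {
            console.log("But received invalid data.");
            $rootScope.authenticated = false;
          }
          callback && callback();
        }).error(function(response) {
          console.log("/user failure." + JSON.stringify(response));
          $rootScope.authenticated = false;
          callback && callback();
        });
      };

      // Establish the initial authentication state as soon as the controller loads.
      authenticate();

      /**
       * Submits the credentials as an application/x-www-form-urlencoded body.
       * Both values go through encodeURIComponent so that characters such as
       * '&' or '=' inside a password cannot alter the form structure.
       *
       * A successful HTTP exchange is not taken as proof of login: the result
       * is confirmed by re-querying GET user, because $http follows redirects
       * transparently and reports the final response only.
       */
      $scope.login = function() {
        var data2 = 'username=' + encodeURIComponent(vm.credentials.username) +
          '&password=' + encodeURIComponent(vm.credentials.password);

        $http.post('login', data2, {
          headers: {
            'Content-Type': 'application/x-www-form-urlencoded'
          }
        }).success(function() {
          authenticate(function() {
            if ($rootScope.authenticated) {
              console.log("Login succeeded");
              $location.path("/");
              $scope.error = false;
              $rootScope.authenticated = true;
            } else {
              console.log("Login Failed with redirect");
              $location.path("/login");
              $scope.error = true;
              $rootScope.authenticated = false;
            }
          });
        }).error(function() {
          console.log("Login Failed");
          $location.path("/login");
          $scope.error = true;
          $rootScope.authenticated = false;
        })
      };

      /**
       * Ends the session on the server and clears the local flag. The flag is
       * cleared even when the request fails, so the UI never keeps showing a
       * signed-in state after a logout attempt.
       */
      $scope.logout = function() {
        $http.post('logout', {}).success(function() {
          $rootScope.authenticated = false;
          $location.path("/");
        }).error(function() {
          console.log("logout Failed");
          $rootScope.authenticated = false;
        });
      }

    }]);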
application.java
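package com.recursivechaos.springangularstarter;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/**
 * Spring Boot entry point that also serves two REST endpoints and carries the
 * Spring Security configuration for the AngularJS single-page client.
 */
@SpringBootApplication
@RestController
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    /**
     * Returns the current principal so the client can tell whether it is
     * logged in.
     *
     * <p>NOTE(review): the whole {@link Principal} object is serialised into
     * the response. Depending on the concrete authentication type that may
     * include more than the user name (for example authorities or request
     * details); returning a small DTO with only the fields the client needs
     * is the safer shape.
     *
     * @param user the principal resolved by Spring for this request
     * @return the same principal, serialised by the REST controller
     */
    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

    /**
     * Sample protected resource.
     *
     * @return a map with a random {@code id} and a fixed {@code content}
     */
    @RequestMapping("/resource")
    public Map<String, Object> home() {
        Map<String, Object> model = new HashMap<>();
        model.put("id", UUID.randomUUID().toString());
        model.put("content", "Hello World");
        return model;
    }

    /**
     * Security rules: form login, logout, a list of public paths, everything
     * else authenticated, and CSRF protection wired for AngularJS.
     */
    @Configuration
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        /**
         * Builds the filter chain.
         *
         * <p>With no custom handlers configured, {@code formLogin()} answers
         * a login POST with a redirect rather than with a status code, both
         * on success and on failure.
         *
         * @param http the builder supplied by Spring Security
         * @throws Exception propagated from the builder
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.
                formLogin().
                //loginPage("/#/login").
                and().
                logout().
                and().
                authorizeRequests().
                // Public paths: static assets and the login view. Keep this
                // list as narrow as the client allows.
                // NOTE(review): "login/" has no leading slash, so it
                // presumably never matches a request path -- confirm and drop.
                antMatchers("/index.html", "/home/**", "/login/**", "/bower_components/**", "/",
                        "/main.js", "/login/", "/navigation/**", "/login", "login/", "/login.html").
                permitAll().
                anyRequest().
                authenticated().
                and().
                csrf().
                csrfTokenRepository(csrfTokenRepository()).
                and().
                // Runs after CsrfFilter so the token is already available as
                // a request attribute.
                addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
        }

        /**
         * Creates the filter that publishes the CSRF token to the browser in
         * an {@code XSRF-TOKEN} cookie, the name AngularJS looks for.
         *
         * <p>The cookie must stay readable by script, so it cannot be marked
         * HttpOnly. NOTE(review): it is also created without the Secure flag;
         * when the application is served over HTTPS, consider
         * {@code cookie.setSecure(true)}.
         *
         * @return a once-per-request filter that (re)issues the cookie
         */
        private Filter csrfHeaderFilter() {
            return new OncePerRequestFilter() {
                @Override
                protected void doFilterInternal(HttpServletRequest request,
                                                HttpServletResponse response,
                                                FilterChain filterChain)
                        throws ServletException, IOException {
                    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                    if (csrf != null) {
                        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                        String token = csrf.getToken();
                        // Issue the cookie when it is missing or no longer
                        // matches the token held on the server.
                        if (cookie == null || token != null && !token.equals(cookie.getValue())) {
                            cookie = new Cookie("XSRF-TOKEN", token);
                            cookie.setPath("/");
                            response.addCookie(cookie);
                        }
                    }
                    filterChain.doFilter(request, response);
                }
            };
        }

        /**
         * Session-backed token repository that expects the token in the
         * {@code X-XSRF-TOKEN} request header, the header AngularJS sends.
         *
         * @return the configured repository
         */
        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
            repository.setHeaderName("X-XSRF-TOKEN");
            return repository;
        }
    }
}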
解决方法
尝试添加一个继承 WebSecurityConfigurerAdapter 的配置类:
/**
 * Security configuration proposed in the answer.
 *
 * <p>NOTE(review): as written this removes access control from the whole
 * application. It can help to confirm that Spring Security is what produces
 * the redirect, but it is a diagnostic step, not a configuration to keep.
 */
@Configuration
@EnableWebSecurity
// NOTE(review): no attribute (such as prePostEnabled) is set here, so this
// annotation presumably activates no method-level checks -- confirm.
@EnableGlobalMethodSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares the URL authorization rules.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .authorizeRequests()
            // Rules are evaluated in declaration order and "/**" matches
            // every path, so every request is permitted without login ...
            .antMatchers("/**").permitAll()
            // ... and this rule can never apply. To protect the API, list
            // only the public assets above instead of "/**".
            .anyRequest().authenticated();
        // NOTE(review): neither formLogin() nor csrf() customisation is
        // configured in this class; how it combines with an existing
        // WebSecurityConfigurerAdapter depends on their @Order -- confirm.
    }
}