Spring Security禁用登录页面/重定向 [英] Spring Security Disable Login Page / Redirect

问题描述

有没有一种方法可以禁用Spring Security和登录页面的重定向.我的要求是指定登录名应成为导航菜单的一部分.

Is there a way to disable the redirect for Spring Security and the login page. My requirements specify the login should be part of the navigation menu.

示例:

因此，没有专用的登录页面.登录信息需要通过Ajax提交.如果发生错误，则应返回指定错误的JSON并使用正确的HTTP状态代码.如果验证通过验证，则应返回200，然后javascript可以从那里进行处理.

Therefore there is no dedicated login page. The login information needs to be submitted via Ajax. If an error occurs it should return JSON specifying the error and use the proper HTTP Status code. If authentication checks out it should return a 200 and then javascript can handle it from there.

我希望这是有意义的，除非有任何更简单的方法来使用Spring Security来完成此任务.我在Spring Security方面没有太多经验.我认为这必须是一种常见的做法，但是我没发现太多.

I hope that makes sense unless there is any easier way to accomplish this with Spring Security. I don't have much experience with Spring Security. I assume this has to be a common practice, but I didn't find much.

当前的Spring安全配置

Current spring security configuration

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/public/**").permitAll()
                .antMatchers("/about").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .usernameParameter("email")
                .permitAll()
                .and()
                .logout()
                .logoutUrl("/logout")
                .deleteCookies("remember-me")
                .logoutSuccessUrl("/")
                .permitAll()
                .and()
                .rememberMe();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(new BCryptPasswordEncoder());
    }

更新:

我尝试使用HttpBasic()，但是无论它是什么，它都会要求登录凭据，并且它的丑陋的浏览器弹出窗口对于最终用户是不可接受的.看来我可能必须扩展AuthenticationEntryPoint.

I tried using HttpBasic() but then it asks for login creds not matter what and its the ugly browser popup which is not acceptable to the end user. It looks like I may have to extend AuthenticationEntryPoint.

最终，我需要Spring安全性以回传JSON来表示身份验证成功或失败.

At the end of the day I need Spring security to send back JSON saying the authentication succeeded or failed.

推荐答案

重定向行为来自

The redirect behavior comes from SavedRequestAwareAuthenticationSuccessHandler which is the default success handler. Thus an easy solution to remove the redirect is to write your own success handler. E.g.

http.formLogin().successHandler(new AuthenticationSuccessHandler() {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
       //do nothing
    }
});

这篇关于Spring Security禁用登录页面/重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！