设置 Spring 安全性以在未通过身份验证的情况下将用户重定向到登录页面 [英] Setup Spring security to redirect user to login page if not authenticated

查看:40
本文介绍了设置 Spring 安全性以在未通过身份验证的情况下将用户重定向到登录页面的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个具有 Spring 安全性的 Spring 启动应用程序.

我的问题类似于

我的配置类如下所示:

@EnableWebSecurity@配置公共类 SecurityConfig 扩展了 WebSecurityConfigurerAdapter {@覆盖公共无效配置(HttpSecurity http)抛出异常{http.authorizeRequests().antMatchers("/**").hasAnyRole("USER").and().formLogin().loginPage("/login").permitAll().and().authorizeRequests().antMatchers("/resources/**").permitAll().anyRequest().permitAll();}public void configureGlobal(AuthenticationManagerBuilder auth) 抛出异常 {auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");}}

使用此配置,将不会加载任何资源.如果用户未通过身份验证并且同时加载我的资源文件夹,我该如何配置我的项目以将用户重定向到登录页面?

解决方案

plz checkout configure method

@Override公共无效配置(HttpSecurity http)抛出异常{http.authorizeRequests().antMatchers("/resources/**").permitAll().antMatchers("/login*").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login");}

and implements WebMvcConfigurer 类如下

@Configuration@EnableWebMvc公共类 WebMvcConfiguration 实现 WebMvcConfigurer {@覆盖public void addResourceHandlers(最终ResourceHandlerRegistry注册表){registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");}}

addResourceHandlers 表示在/static 中查找资源.

I have a Spring boot application with Spring security.

My problem is similar to this one, but in my case I want to redirect the user to the login page if he's not authenticated when he tries to access any page of the application.

The following image shows the architecture of the application:

My config class looks like this:

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/**").hasAnyRole("USER")
                .and().formLogin().loginPage("/login").permitAll()
                .and().authorizeRequests().antMatchers("/resources/**").permitAll().anyRequest().permitAll();
    }

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
    }

}

With this configuration, no resource will be loaded. How can I configure my project to redirect the user to the login page if he's not authenticated and at the same time having my resources folder loaded?

解决方案

plz checkout configure method

@Override
  public void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/resources/**").permitAll()
        .antMatchers("/login*").permitAll()
        .anyRequest().authenticated()
        .and().formLogin().loginPage("/login");
  }

and implements WebMvcConfigurer Class like below 

@Configuration
@EnableWebMvc
public class WebMvcConfiguration implements WebMvcConfigurer {

  @Override
  public void addResourceHandlers(final ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/static/**")
        .addResourceLocations("classpath:/static/");
  }
}

addResourceHandlers means find resources in /static.

这篇关于设置 Spring 安全性以在未通过身份验证的情况下将用户重定向到登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆