为什么Spring Security无法运行？ [英] Why is Spring Security not working?

问题描述

我正在尝试将Spring Security集成到我的项目中。

I am trying to integrate Spring Security in my project.

我已按照此处给出的文档：
https://spring.io/guides/gs/securing-web/

I have followed the documentation given here: https://spring.io/guides/gs/securing-web/

我使用Spring Boot配置了一切XML。

Instead of Spring Boot, I have configured everything using XML.

我的 web.xml 是：

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.css</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.js</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

dispatcher-servlet.xml ：

<context:component-scan base-package="com.name.ot" />

<bean id="resolver"
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="viewClass"
        value="org.springframework.web.servlet.view.JstlView" />
    <property name="prefix" value="/WEB-INF/" />
    <property name="suffix" value=".jsp" />
</bean>

我的视图控制器是：

@Controller
public class HomeController{

    @RequestMapping(value={"/", "/home"}, method = RequestMethod.GET)
    public ModelAndView home() {

        ModelAndView model = new ModelAndView("home");
        return model;
    }

    @RequestMapping(value={"/hello"}, method = RequestMethod.GET)
    public ModelAndView hello() {

        ModelAndView model = new ModelAndView("hello");
        return model;
    }

    @RequestMapping(value={"/login"}, method = RequestMethod.GET)
    public ModelAndView login() {

        ModelAndView model = new ModelAndView("login");
        return model;
    }
}

我的安全等级：

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

但是，我可以访问所有页面， / ， / home ， / hello ， / login 。

But, I am able to access all the pages, /, /home, /hello, /login.

我不希望用户直接访问 / hello ，没有进入 / login 。

I don't want the user to directly access /hello, without going in /login.

我做错了什么？

推荐答案

我遇到了同样的问题。

我的解决方案如Spring in行动Craig Walls的书p247。您需要创建一个扩展AbstractSecurityWebApplicationInitializer的空类。

My solution is as mentioned in the "Spring in action" book by Craig Walls p247. You need to create an empty class that extends AbstractSecurityWebApplicationInitializer.

public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {}

这篇关于为什么Spring Security无法运行？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！