使用自己的登录表单重定向太多 - Spring Security

Question

我想自己登录表格.当我更改登录页面时,我无法打开它.Google Chrome告诉我,此页面的重定向过多......

我的代码:

@RequestMapping(value="/login", method = RequestMethod.GET)
public ModelAndView loginPage() {
    ModelAndView modelAndView = new ModelAndView("login");
    return modelAndView;
}

@RequestMapping(value="/loginError", method = RequestMethod.GET)
public ModelAndView loginErrorPage() {
    ModelAndView modelAndView = new ModelAndView("login");
    modelAndView.addObject("error", "true");
    modelAndView.addObject("msg", "invalid login credentials");
    return modelAndView;
}

设置:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.csrf().disable().authorizeRequests()
            .antMatchers("/**").access("hasRole('ROLE_USER')")
            .and().formLogin().loginPage("/login").defaultSuccessUrl("/index").failureUrl("/loginError");
}

和登录表格:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
         pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Insert title here</title>
</head>
<body>
<c:if test="${error eq 'true'}">
    ${msg}
</c:if>
<form name='loginForm' action="<c:url value='j_spring_security_check' />"
      method='POST'>

    <table>
        <tr>
            <td>User Name:</td>
            <td><input type='text' name='j_username' value=''>
            </td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='j_password' />
            </td>
        </tr>
        <tr>
            <td><input name="submit" type="submit"
                       value="submit" />
            </td>
            <td><input name="reset" type="reset" />
            </td>
        </tr>
    </table>

</form>
</body>
</html>

你能告诉我问题出在哪里吗？我研究了很多教程,但总是遇到同样的问题.对许多重定向......

BTW.IntelliJ无法解析:j_spring_security_chec

Answer 1

如手册中所述,您需要允许对登录页面的请求,否则它将进入无限循环:

http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#jc-form

我们必须授予所有用户(即未经身份验证的用户)访问我们的登录页面的权限.formLogin().permitAll()方法允许为与基于表单的登录相关联的所有URL授予对所有用户的访问权限.

protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()
        .antMatchers("/**").access("hasRole('ROLE_USER')")
            .and().formLogin().loginPage("/login").permitAll()
                .defaultSuccessUrl("/index").failureUrl("/loginError");       
}