java spring登录验证_java – 带有Spring安全登录和身份验证的Angular

我们在前端使用AngularJS,在后端使用spring. Spring安全性应该进行身份验证和登录,但它甚至不能在spring的教程(https://spring.io/guides/tutorials/spring-security-and-angular-js/)的帮助下工作.每当我们尝试登录“user”-service时,主体对象为null.在前端,我们收到了这样的答案：data = Object {data：“”,status：200,config：Object,statusText：“OK”} EVERYTIME.使用正确或不正确的数据登录无关紧要……我阅读了很多文章,但我找不到解决方案.

我们的login.html

Login

body {

position: relative;

}

Login

Login

我们的login.js：

(function(angular) {

const app = angular.module("LoginApp",[]);

app.controller("LoginController", ["$scope", "$http", function($scope, $http){

$scope.username = "";

$scope.password = "";

$scope.errormessage = "";

$scope.error = false;

$scope.valid = false;

$scope.requesting = false;

$scope.submitLogin = function() {

$scope.requesting = true;

$scope.error = false;

const credentials = {

username: $scope.username,

password: $scope.password

};

const headers = credentials ? {authorization : "Basic "

+ btoa(credentials.username + ":" + credentials.password)

} : {};

$http.get("user", { headers: headers }).then(function(data){

if(data.data.name) {

window.location.href = "/";

}

else {

$scope.error = true;

$scope.requesting = false;

$scope.errormessage = "Username / Passwort ist falsch!";

}

},

function(reason) {

$scope.error = true;

$scope.requesting = false;

if(reason.status === 404 || reason.status === 408){

$scope.errormessage = "Verbindung zum Server konnte nicht hergestellt werden!";

}else if (reason.status === 403){

$scope.errormessage = "Username / Passwort ist falsch!";

}else{

$scope.errormessage = "Unbekannter Fehler ist bei der Anfrage aufgetreten! Bitte versuchen Sie es erneut";

}

})

};

$scope.checkValid = function(){

if($scope.username != undefined && $scope.username != null && $scope.username.length > 1 &&

$scope.password != undefined && $scope.password != null && $scope.password.length > 1){

$scope.valid = true;

}else{

$scope.valid = false;

}

};

}

]);

})(window.angular);

我们的身份验证服务(如教程或许多帖子中所述)：

@RestController

public class UserController {

@RequestMapping(value = "/user")

public Principal user(Principal user) {

return user;

}

}

带有自定义过滤器的SecurityWebAppInitializer,用于记录IP和用户名.

@Order(2)

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

@Override

protected void afterSpringSecurityFilterChain(ServletContext servletContext) {

super.beforeSpringSecurityFilterChain(servletContext);

insertFilters(servletContext,new MultipartFilter(),new MDCFilter());

}

}

最后我们的Spring Security配置

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.boot.autoconfigure.security.SecurityProperties;

import org.springframework.context.annotation.Configuration;

import org.springframework.core.annotation.Order;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.builders.WebSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.web.csrf.CsrfFilter;

import org.springframework.security.web.csrf.CsrfTokenRepository;

import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

@Configuration

@EnableWebSecurity(debug=true)

@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)

public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired

DataSource dataSource;

@Autowired

public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

auth

.jdbcAuthentication()

.dataSource(dataSource)

.usersByUsernameQuery(

"select email,pwHash,true from user where email = ?")

.authoritiesByUsernameQuery(

"select email, rolle_rollenname from user where email = ?");

}

@Override

protected void configure(HttpSecurity http) throws Exception {

http

.authorizeRequests()

.antMatchers("/user", "/login", "/logout", "login.html").permitAll()

.anyRequest().authenticated()

.and()

.csrf().csrfTokenRepository(csrfTokenRepository())

.and()

.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)

.formLogin()

.loginPage("/login")

//.logoutSuccessHandler(new customLogoutSuccessHandler())

.and()

.logout()

.logoutUrl("/logout");

}

@Override

public void configure(WebSecurity web) throws Exception {

web

.ignoring()

.antMatchers("/scripts/**")

.antMatchers("/stylesheets/**");

}

private CsrfTokenRepository csrfTokenRepository()

{

HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();

repository.setHeaderName("X-XSRF-TOKEN");

return repository;

}

}

使用自定义身份验证和默认登录页面时,它可以正常工作.也许login.html或login.js错了……

UPDATE

当我使用.httpBasic()而不指定loginform时,当我尝试访问安全的ressource时会出现一个浏览器对话框.

我想重定向到自定义登录页面而不是浏览器对话框.怎么做？

解决方法:

好吧,我通过使用JSON Web Tokens,一个自定义无状态过滤器并在每次返回前端时将令牌提供给他们,当他们要求时.

标签：java,angularjs,spring-mvc,spring,spring-security

来源： https://codeday.me/bug/20190706/1396555.html