我正在为 Spring Security 实现一个自定义的 AngularJS 登录页面,但在认证时遇到了问题.
但是,当我尝试自己实现它时,我无法通过认证,也不知道错误出在哪里.
使用凭证 POST 到 /login(curl 请求与示例相同),我收到 302 Found,并被重定向到 GET /login/,该请求返回 404 Not Found.
当我尝试 POST /login 时,Spring 不会生成任何调试日志,所以我不知道它是如何返回 302 的.
显著的改动(最有可能是问题的根源):
>文件结构更改
>严格使用Angular(没有jQuery) – 这导致了POST请求所需的不同功能
>使用bower而不是wro4j
角色代码样式/范围界定
许多相关的 Spring Security 问题表明 POST 请求的格式不正确,但我的请求看起来与示例相同(至少在我把 curl 命令复制到 Chrome 开发者控制台时是这样).其他人建议实现自定义授权提供者,但示例中并不需要,所以我对自己的实现与示例之间的区别感到困惑.Stack Exchange,帮帮我,你是我唯一的希望.
开发工具:imgurDOTcom / a / B2KmV
相关代码:
login.js
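'use strict';

/*
 * Login controller: checks the current session on load, then exposes login()
 * and logout() on the scope.
 *
 * CSRF note: the backend mirrors its CSRF token into an XSRF-TOKEN cookie on
 * responses (the initial GET /user below is enough to obtain it), and
 * AngularJS's $http copies that cookie into the X-XSRF-TOKEN header on
 * same-origin requests, which is the header name the server-side token
 * repository is configured to read. No manual header handling is needed here.
 */
angular
  .module('webApp')
  // Fixed: the first DI token read '$root`enter code here`Scope' (a paste
  // artifact), which would make Angular look up a non-existent service.
  .controller('LoginCtrl', ['$rootScope', '$scope', '$http', '$location', '$route',
    function ($rootScope, $scope, $http, $location, $route) {
      console.log("LoginCtrl created.");

      var vm = this;
      vm.credentials = {
        username: "",
        password: ""
      };
      //vm.login = login;

      // True when `route` names the controller backing the current route.
      $scope.tab = function (route) {
        return $route.current && route === $route.current.controller;
      };

      // Ask the server who the current principal is. GET /user returns the
      // principal (with a "name") for an authenticated session; for an
      // anonymous session the body may be empty or null, so guard `data`
      // before reading `data.name`.
      var authenticate = function (callback) {
        $http.get('user').success(function (data) {
          console.log("/user success: " + JSON.stringify(data));
          if (data && data.name) {
            console.log("And Authenticated!");
            $rootScope.authenticated = true;
          } else {
            console.log("But received invalid data.");
            $rootScope.authenticated = false;
          }
          callback && callback();
        }).error(function (response) {
          console.log("/user failure." + JSON.stringify(response));
          $rootScope.authenticated = false;
          callback && callback();
        });
      };
      authenticate();

      // Submit the credentials as a form-encoded body (the shape Spring's form
      // login reads), then re-check /user instead of trusting the POST's own
      // status: a redirect after login is followed transparently by the
      // browser, so the POST can "succeed" even when authentication failed.
      $scope.login = function () {
        var body = 'username=' + encodeURIComponent(vm.credentials.username) +
          '&password=' + encodeURIComponent(vm.credentials.password);

        $http.post('login', body, {
          headers: {
            'Content-Type': 'application/x-www-form-urlencoded'
          }
        }).success(function () {
          authenticate(function () {
            if ($rootScope.authenticated) {
              console.log("Login succeeded");
              $location.path("/");
              $scope.error = false;
              $rootScope.authenticated = true;
            } else {
              console.log("Login Failed with redirect");
              $location.path("/login");
              $scope.error = true;
              $rootScope.authenticated = false;
            }
          });
        }).error(function () {
          console.log("Login Failed");
          $location.path("/login");
          $scope.error = true;
          $rootScope.authenticated = false;
        });
      };

      // POST /logout (a POST so the CSRF check applies); the client-side
      // flag is cleared whether or not the server call succeeds.
      $scope.logout = function () {
        $http.post('logout', {}).success(function () {
          $rootScope.authenticated = false;
          $location.path("/");
        }).error(function () {
          console.log("logout Failed");
          $rootScope.authenticated = false;
        });
      };
    }]);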
application.java
package com.recursivechaos.springangularstarter;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
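@SpringBootApplication
@RestController
public class Application {

    /** Boots the Spring application context with the command-line arguments. */
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    /**
     * Returns the authenticated principal, or {@code null} for an anonymous request.
     * The Angular client decides it is logged in when the response carries a {@code name}.
     *
     * @param user the principal Spring resolves for the current request; may be {@code null}
     * @return the same principal, serialized as the response body
     */
    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

    /**
     * Sample protected resource; every call returns a fresh random id.
     *
     * @return a map with an {@code id} and a fixed {@code content} entry
     */
    @RequestMapping("/resource")
    public Map<String, String> home() {
        // Parameterized instead of the raw Map the original used.
        Map<String, String> model = new HashMap<>();
        model.put("id", UUID.randomUUID().toString());
        model.put("content", "Hello World");
        return model;
    }

    /**
     * Web security rules: form login/logout, a permit-all list for the static
     * Angular assets and the login route, CSRF protection with a session-backed
     * token repository, and a filter that exposes the token to the client.
     */
    @Configuration
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .formLogin()
                    //loginPage("/#/login").   <- tried and disabled; kept for context
                    .and()
                .logout()
                    .and()
                .authorizeRequests()
                    // NOTE(review): "/login/**" already covers "/login" and "/login/",
                    // and "login/" (no leading slash) cannot match a request path,
                    // which always starts with "/". The list is kept verbatim so the
                    // effective policy is unchanged.
                    .antMatchers("/index.html", "/home/**", "/login/**", "/bower_components/**",
                                 "/", "/main.js", "/login/", "/navigation/**", "/login",
                                 "login/", "/login.html")
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                    .and()
                .csrf()
                    .csrfTokenRepository(csrfTokenRepository())
                    .and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
        }

        /**
         * Mirrors the server-side CSRF token into an {@code XSRF-TOKEN} cookie so the
         * browser client can echo it back in the {@code X-XSRF-TOKEN} header.
         * The cookie is (re)written only when it is absent or does not match the
         * current token, and never with a {@code null} value (the original could
         * emit a null-valued cookie when no token was present on the request).
         *
         * @return the filter to run after {@link CsrfFilter}
         */
        private Filter csrfHeaderFilter() {
            return new OncePerRequestFilter() {
                @Override
                protected void doFilterInternal(HttpServletRequest request,
                                                HttpServletResponse response,
                                                FilterChain filterChain)
                        throws ServletException, IOException {
                    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                    String token = csrf == null ? null : csrf.getToken();
                    if (token != null) {
                        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                        if (cookie == null || !token.equals(cookie.getValue())) {
                            cookie = new Cookie("XSRF-TOKEN", token);
                            cookie.setPath("/");
                            // Deliberately not HttpOnly: the client script must read it.
                            // Mark it Secure when the request itself arrived over TLS so
                            // the token is not sent over plain HTTP in that deployment.
                            cookie.setSecure(request.isSecure());
                            response.addCookie(cookie);
                        }
                    }
                    filterChain.doFilter(request, response);
                }
            };
        }

        /**
         * Session-backed CSRF token store that reads the token from the
         * {@code X-XSRF-TOKEN} request header (the name the Angular client sends)
         * instead of the repository's default header name.
         *
         * @return the configured repository
         */
        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
            repository.setHeaderName("X-XSRF-TOKEN");
            return repository;
        }
    }
}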