1. 技术文章
  2. Setup Spring security to redirect user to login page if not authenticated

Setup Spring security to redirect user to login page if not authenticated

与世无争的帅哥 提交于 2020-01-13 14:55:14

问题


I have a Spring boot application with Spring security.

My problem is similar to this one, but in my case I want to redirect the user to the login page if he's not authenticated when he tries to access any page of the application.

The following image shows the architecture of the application:

My config class looks like this:

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/**").hasAnyRole("USER")
                .and().formLogin().loginPage("/login").permitAll()
                .and().authorizeRequests().antMatchers("/resources/**").permitAll().anyRequest().permitAll();
    }

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
    }

}

With this configuration, no resource will be loaded. How can I configure my project to redirect the user to the login page if he's not authenticated and at the same time having my resources folder loaded?


回答1:


plz checkout configure method

@Override
  public void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/resources/**").permitAll()
        .antMatchers("/login*").permitAll()
        .anyRequest().authenticated()
        .and().formLogin().loginPage("/login");
  }

and implements WebMvcConfigurer Class like below 

@Configuration
@EnableWebMvc
public class WebMvcConfiguration implements WebMvcConfigurer {

  @Override
  public void addResourceHandlers(final ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/static/**")
        .addResourceLocations("classpath:/static/");
  }
}

addResourceHandlers means find resources in /static.




回答2:


Update your method by using authenticated() like below. 

@Override
        protected void configure(HttpSecurity http) throws Exception {
            http
              .authorizeRequests()
              .antMatchers("/login*").
              .antMatchers("/resources/**").permitAll()
              .antMatchers("/*.js").permitAll()
              .permitAll()
              .anyRequest()
              .authenticated()
              .and()
              .formLogin();
        }

Refer this article




回答3:


Spring security is not allowing your css when a "GET" request to it is made allow it by changing the following line to the next line

this line = .antMatchers("/*.js").permitAll()

this line = .antMatchers("/*.js", "/*.css").permitAll()



来源:https://stackoverflow.com/questions/52610122/setup-spring-security-to-redirect-user-to-login-page-if-not-authenticated

标签
java
Spring
spring-boot
spring-security
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!