修订 loginPage 失败降级,改为指定 EndPoint

This commit is contained in:
2026-06-08 17:42:14 +08:00
parent ae4599cd9a
commit 287b124f7e
@@ -8,10 +8,13 @@ import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import lombok.RequiredArgsConstructor;
import quant.rich.emoney.service.AuthService;
@@ -27,10 +30,10 @@ public class SecurityConfig {
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.headers(headers -> headers
.cacheControl(cache -> cache.disable())
.frameOptions(f -> f.sameOrigin())
.cacheControl(HeadersConfigurer.CacheControlConfig::disable)
.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
)
.csrf(csrf -> csrf.disable())
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/favicon.ico").permitAll()
.requestMatchers("/admin/*/login").permitAll()
@@ -41,11 +44,8 @@ public class SecurityConfig {
.requestMatchers("/img/**").permitAll()
.anyRequest().authenticated()
)
.formLogin(form -> form // 开启表单登录,并指定登录页
.loginPage("/admin/v1/login") // 指定登录页
.loginProcessingUrl("/admin/v1/doLogin") // 处理登录请求的 URL
.defaultSuccessUrl("/admin/v1/", false) // 登录成功后默认跳转
.permitAll())
.exceptionHandling(ex -> ex
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/admin/v1/login")))
.logout(logout -> logout
.logoutUrl("/admin/v1/logout")
.logoutSuccessUrl("/admin/v1/login")
@@ -54,7 +54,6 @@ public class SecurityConfig {
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
);
;
return http.build();
}
@@ -72,4 +71,4 @@ public class SecurityConfig {
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
}