修订 loginPage 失败降级,改为指定 EndPoint
This commit is contained in:
@@ -8,10 +8,13 @@ import org.springframework.security.authentication.ProviderManager;
|
|||||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||||
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import quant.rich.emoney.service.AuthService;
|
import quant.rich.emoney.service.AuthService;
|
||||||
@@ -27,10 +30,10 @@ public class SecurityConfig {
|
|||||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
http
|
http
|
||||||
.headers(headers -> headers
|
.headers(headers -> headers
|
||||||
.cacheControl(cache -> cache.disable())
|
.cacheControl(HeadersConfigurer.CacheControlConfig::disable)
|
||||||
.frameOptions(f -> f.sameOrigin())
|
.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
|
||||||
)
|
)
|
||||||
.csrf(csrf -> csrf.disable())
|
.csrf(AbstractHttpConfigurer::disable)
|
||||||
.authorizeHttpRequests(auth -> auth
|
.authorizeHttpRequests(auth -> auth
|
||||||
.requestMatchers("/favicon.ico").permitAll()
|
.requestMatchers("/favicon.ico").permitAll()
|
||||||
.requestMatchers("/admin/*/login").permitAll()
|
.requestMatchers("/admin/*/login").permitAll()
|
||||||
@@ -41,11 +44,8 @@ public class SecurityConfig {
|
|||||||
.requestMatchers("/img/**").permitAll()
|
.requestMatchers("/img/**").permitAll()
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
)
|
)
|
||||||
.formLogin(form -> form // 开启表单登录,并指定登录页
|
.exceptionHandling(ex -> ex
|
||||||
.loginPage("/admin/v1/login") // 指定登录页
|
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/admin/v1/login")))
|
||||||
.loginProcessingUrl("/admin/v1/doLogin") // 处理登录请求的 URL
|
|
||||||
.defaultSuccessUrl("/admin/v1/", false) // 登录成功后默认跳转
|
|
||||||
.permitAll())
|
|
||||||
.logout(logout -> logout
|
.logout(logout -> logout
|
||||||
.logoutUrl("/admin/v1/logout")
|
.logoutUrl("/admin/v1/logout")
|
||||||
.logoutSuccessUrl("/admin/v1/login")
|
.logoutSuccessUrl("/admin/v1/login")
|
||||||
@@ -54,7 +54,6 @@ public class SecurityConfig {
|
|||||||
.sessionManagement(session -> session
|
.sessionManagement(session -> session
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||||
);
|
);
|
||||||
;
|
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
@@ -72,4 +71,4 @@ public class SecurityConfig {
|
|||||||
public PasswordEncoder passwordEncoder() {
|
public PasswordEncoder passwordEncoder() {
|
||||||
return NoOpPasswordEncoder.getInstance();
|
return NoOpPasswordEncoder.getInstance();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user