java - Why is Spring Security not working?

Question

Welcome To Ask or Share your Answers For Others

java - Why is Spring Security not working?

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

java - Why is Spring Security not working?

I am trying to integrate Spring Security in my project.

I have followed the documentation given here: https://spring.io/guides/gs/securing-web/

Instead of Spring Boot, I have configured everything using XML.

My web.xml is:

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.css</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.js</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

dispatcher-servlet.xml:

<context:component-scan base-package="com.name.ot" />

<bean id="resolver"
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="viewClass"
        value="org.springframework.web.servlet.view.JstlView" />
    <property name="prefix" value="/WEB-INF/" />
    <property name="suffix" value=".jsp" />
</bean>

And my view controller is:

@Controller
public class HomeController{

    @RequestMapping(value={"/", "/home"}, method = RequestMethod.GET)
    public ModelAndView home() {

        ModelAndView model = new ModelAndView("home");
        return model;
    }

    @RequestMapping(value={"/hello"}, method = RequestMethod.GET)
    public ModelAndView hello() {

        ModelAndView model = new ModelAndView("hello");
        return model;
    }

    @RequestMapping(value={"/login"}, method = RequestMethod.GET)
    public ModelAndView login() {

        ModelAndView model = new ModelAndView("login");
        return model;
    }
}

My security class:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

But, I am able to access all the pages, /, /home, /hello, /login.

I don't want the user to directly access /hello, without going in /login.

What am I doing wrong?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T20:03:29+0000

I had the same issue.

My solution is as mentioned in the "Spring in action" book by Craig Walls p247. You need to create an empty class that extends AbstractSecurityWebApplicationInitializer.

public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {}

Categories

java - Why is Spring Security not working?

java - Why is Spring Security not working?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags