Spring Security 5 身份验证失败

Java

烙印99 2022-04-28 17:22:26

我正在尝试使用 spring security 5 验证使用。@Configuration@ComponentScan(basePackages = { "com.lashes.studio.security" })@EnableWebSecuritypublic class CustomSecurityService extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationSuccessHandler myAuthenticationSuccessHandler; @Autowired private AuthenticationFailureHandler authenticationFailureHandler; @Autowired private LogoutSuccessHandler myLogoutSuccessHandler; @Autowired private MyUserDetailsService userDetailsService; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(SecurityUtils.passwordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/", "/mail.js/**", "/font-awesome/**", "/css/**", "/js/**", "/img/**", "/fonts/**", "/login*", "/login*", "/logout*", "/signin/**", "/signup/**", "/customLogin", "/user/registration*", "/registrationConfirm*", "/expiredAccount*", "/registration*", "/badUser*", "/user/resendRegistrationToken*", "/forgetPassword*", "/user/resetPassword*", "/user/changePassword*", "/adminlogin/**", "/eauthenticationmanagerbuildermailError*", "/admin/**", "/admin/js/**", "/resources/**", "/old/user/registration*", "/successRegister*") .permitAll() }

查看完整描述

1 回答

青春有我

TA贡献1784条经验获得超8个赞

在您的登录页面中，我没有看到任何csrf token字段。而且我没有http.csrf().disable()在您的安全配置中看到，所以我怀疑 Spring Security 拒绝登录 POST，因为缺少令牌。

例如，一个 JSP 可以有标签

<input type="hidden"
       name="${_csrf.parameterName}"
       value="${_csrf.token}"/>

https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/csrf.html

反对回复 2022-04-28

热搜

最近搜索清空

Spring Security 5 身份验证失败

Spring Security 5 身份验证失败

1 回答

添加回答