Spring在驗證登錄時在loginProcessingUrl上給出404

我已經將我的 Spring 應用程式配置為使用/authenticateurl 對登錄進行身份驗證，但是每次我嘗試登錄時都會引發以下錯誤：

org.springframework.web.servlet.DispatcherServlet.noHandlerFound No mapping for POST /authenticate

我很困惑，因為據我所知，loginProcessingUrl應該允許 Spring 在后臺處理身份驗證，而無需我提供 URL。

下面是我的SecurityConfig課

package com.eyanu.tournamentproject.config;

import com.myProject.tournamentproject.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/register**","/*.css", "/tournament**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/authenticate")
                .permitAll()
                .and()
                .logout().permitAll();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**", "/static/**", "/static/css/**", "/js/**", "/images/**","/vendor/**","/fonts/**").anyRequest();
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setPasswordEncoder(encoder());
        authenticationProvider.setUserDetailsService(userService);

        return authenticationProvider;
    }

}

& 試圖提交登錄憑據的表單

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Login</title>
</head>
<body>
<form:form action="${pageContext.request.contextPath}/authenticate" method="POST">
    <p>
    Username: <input type="text" name="username">
    </p>
    <p>
    Password: <input type="password" name="password">
    </p>

    <input type="submit" value="Log in">

</form:form>
</body>
</html>

uj5u.com熱心網友回復：

據我所知，問題出在這行代碼中：

@Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**", "/static/**", "/static/css/**", "/js/**", "/images/**","/vendor/**","/fonts/**").anyRequest();
    }

消除.anyRequest()

注意： Ignore是一個完全繞過Spring security的過濾器，相當于不采取spring security。
所以基本上，您在此處設定的 URL 請求web.ignoring().antMatchers(URLs)將被 Spring Security 忽略，這意味著這些 URL 將容易受到 CSRF、XSS、Clickjacking 等攻擊。如果您添加，.anyRequst()則 Spring Security（包括）將忽略所有請求"/authorize"，并且這就是為什么你得到 404

標籤：爪哇 春天 弹簧MVC

上一篇：Streamlit-IF陳述句取決于text_input

下一篇：提交按鈕在springboot中不起作用