我正在将 Spring Security 集成到我的第一个 Angular 项目中。我关注了许多文章和示例,包括this https://github.com/kamalber/spring-boot-angular4-authentication, this https://libraries.io/github/kamalber/spring-boot-angular4-authentication, this https://spring.io/guides/tutorials/spring-security-and-angular-js/, this https://spring.io/blog/2015/01/12/the-login-page-angular-js-and-spring-security-part-ii and this https://spring.io/guides/gs/authenticating-ldap/。我希望我的应用程序具有 Spring Security 并通过 LDAP 进行身份验证。如果我在 \src\main\resources\templates 中保存一个 login.html 那么我可以看到登录页面。但我希望登录页面来自 Angular 组件。所以我从\src\main\resources\templates 中删除/重命名了login.html。当我点击 localhost:8080 时,它会转到我的 LoginController (yu=ou 可以在日志中看到 sysout),然后我收到以下错误
018-04-28 07:30:34.610 DEBUG 11520 --- [nio-8080-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2018-04-28 07:30:34.610 DEBUG 11520 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /login reached end of additional filter chain; proceeding with original chain
>>>>>>>>>>>> LoginController.login()...
2018-04-28 07:30:34.611 ERROR 11520 --- [nio-8080-exec-9] org.thymeleaf.TemplateEngine : [THYMELEAF][http-nio-8080-exec-9] Exception processing template "login": Error resolving template "login", template might not exist or might not be accessible by any of the configured Template Resolvers
2018-04-28 07:30:34.611 DEBUG 11520 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-04-28 07:30:34.611 DEBUG 11520 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-04-28 07:30:34.612 ERROR 11520 --- [nio-8080-exec-9] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.thymeleaf.exceptions.TemplateInputException: Error resolving template "login", template might not exist or might not be accessible by any of the configured Template Resolvers] with root cause
org.thymeleaf.exceptions.TemplateInputException: Error resolving template "login", template might not exist or might not be accessible by any of the configured Template Resolvers
at org.thymeleaf.TemplateRepository.getTemplate(TemplateRepository.java:246)
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1104)
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1060)
谷歌搜索后我尝试了很多方法,但还没有成功。有什么建议请..
我的文件:
登录控制器.java
@RequestMapping("/login")
String login(){
System.out.println(">>>>>>>>>>>> LoginController.login()...");
return "login";
}
WebSecurityConfiguration.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//.httpBasic().and()
.authorizeRequests()
// .antMatchers("/**").permitAll()
.antMatchers("/index.html", "/", "/home", "/login").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("/login")
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
/*http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/resources/**", "/assets/**", "/css/**", "/js/**", "/fonts/**")
//.antMatchers("/**")
.permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.successHandler(authenticationSuccessHandler)
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.httpBasic();
//http.cors();
*/ }
应用程序路由.module.ts
const routes: Routes = [
{ path: 'login', component: LoginComponent },
{ path: '', redirectTo: '/home', pathMatch: 'full' },
{ path: 'dashboard', redirectTo: '/home', pathMatch: 'full' },
{
path: 'home',
component: DashboardComponent,
data: { title: 'Dashboard' }
},
{
path: 'linesidemonitor',
component: LinesideMonitorComponent,
data: {title: 'Lineside Monitor'}
},
如果我使用 .and().formLogin() 那么我会收到此错误:
2018-04-28 08:32:08.394 DEBUG 10404 --- [nio-8080-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
如果我使用 .httpBasic().and(),那么我会收到我不想要的浏览器登录弹出窗口