英文:
Multi login for normal user and admin user not working
问题
这是您的代码的翻译:
我使用两种配置,一种用于普通用户登录页面,另一种用于管理员用户登录页面。
这是我的普通用户配置:
@Configuration
@EnableWebSecurity
@Order(2)
public class Config {
@Bean
public UserDetailsService getUserDetailsService() {
return new UserDetailsServiceImpl();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(this.getUserDetailsService());
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
// 配置方法
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Bean
protected SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers("/registration/**", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/registration", "/user/plandetails").permitAll()
.requestMatchers("/registration", "/user/checkout").permitAll()
.requestMatchers("/registration/", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/signup/**", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/signup", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/signup", "/registration", "/user/plandetails").permitAll()
.requestMatchers("/user/**").hasRole("USER")
.requestMatchers("/**").permitAll()
.and()
.formLogin()
.loginPage("/signin")
.loginProcessingUrl("/dologin")
.defaultSuccessUrl("/user/dashboard")
.and()
.csrf().disable()
.authorizeHttpRequests()
.anyRequest().fullyAuthenticated()
.and()
.rememberMe();
return http.build();
}
}
这是我的管理员用户配置:
@Configuration
@Order(1)
public class AdminConfig {
@Bean
protected SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers("/**").permitAll();
http
.authorizeHttpRequests()
.requestMatchers("/admin/**").authenticated()
.anyRequest().hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/admin/login")
.loginProcessingUrl("/admin/doAdminLogin")
.defaultSuccessUrl("/admin/adminDashboard")
.permitAll()
.and()
.logout()
.logoutUrl("/admin/logout")
.logoutSuccessUrl("/");
http
.csrf().disable();
return http.build();
}
}
我无法使用普通用户或管理员用户登录。当我输入密码时,它将重定向到`http://localhost:8080/dologin`,用户无法登录。这是错误截图https://i.stack.imgur.com/tD7oE.png,但是当我注释掉管理员配置页面的代码时,它开始工作。
根据我读到的某些地方,我需要为Spring Security分别保留普通用户和管理员用户登录的配置文件。
所以,请帮助解决这个问题。
<details>
<summary>英文:</summary>
I am using two configuration, one for normal user login page and another fpr admin user login page.
This configuration is for my normal user:
<!-- language: java -->
@Configuration
@EnableWebSecurity
@Order(2)
public class Config {
@Bean
public UserDetailsService getUserDetailsService() {
return new UserDetailsServiceImpl();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(this.getUserDetailsService());
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
// configure method
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Bean
protected SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers("/registration/**", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/registration", "/user/plandetails").permitAll()
.requestMatchers("/registration", "/user/checkout").permitAll()
.requestMatchers("/registration/", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/signup/**", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/signup", "/signup", "/user/plandetails").permitAll()
.requestMatchers("/signup", "/registration", "/user/plandetails").permitAll()
.requestMatchers("/user/**").hasRole("USER")
.requestMatchers("/**").permitAll()
.and()
.formLogin()
.loginPage("/signin")
.loginProcessingUrl("/dologin")
.defaultSuccessUrl("/user/dashboard")
.and()
.csrf().disable()
.authorizeHttpRequests()
.anyRequest().fullyAuthenticated()
.and()
.rememberMe();
return http.build();
}
And this is my admin user configuration:
<!-- language: java -->
@Configuration
@Order(1)
public class AdminConfig{
@Bean
protected SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers("/**").permitAll();
http
.authorizeHttpRequests()
.requestMatchers("/admin/**").authenticated()
.anyRequest().hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/admin/login")
.loginProcessingUrl("/admin/doAdminLogin")
.defaultSuccessUrl("/admin/adminDashboard")
.permitAll()
.and()
.logout()
.logoutUrl("/admin/logout")
.logoutSuccessUrl("/");
http
.csrf().disable();
return http.build();
}
}
I am not able to login with normal as well as with admin user. When I am entering password, it is redirecting me to `http://localhost:8080/dologin` and user is not getting logged in. This is the error screenshot https://i.stack.imgur.com/tD7oE.png but when I am commenting the admin configuration page code, it start to work.
As I have read somewhere and I need to keep configuration file for Spring Security separately for normal user and admin user login.
So, please help in solving this issue.
</details>
# 答案1
**得分**: 0
- 您的控制器没有映射到 `/` API。`404` 表示该URL没有映射到任何API。请检查您的控制器,然后转到相应的URL,登录,应该会出现相应的页面。
- 此外,`HttpSecurity` 类似乎已实现了建造者模式。
- 原始代码:
```
...
http.authorizeHttpRequests()
.requestMatchers("/**").permitAll();
http.authorizeHttpRequests()
.requestMatchers("/admin/**").authenticated().anyRequest()
...
```
- 您应该这样做:
```
...
http.authorizeHttpRequests()
.requestMatchers("/**").permitAll()
.and().authorizeHttpRequests()
.requestMatchers("/admin/**")
.authenticated().anyRequest()
...
```
您可以参考此[答案](https://stackoverflow.com/a/75516761/9462050)。
<details>
<summary>英文:</summary>
* Your controller does not have a mapping for `/` API. `404` means that there is no API mapped for that URL. Check your controller and then navigate to the respective URL, then log in, and the respective page should appear.
* Also, `HttpSecurity` class seems to have implemented a builder pattern.
Instead of:
...
http.authorizeHttpRequests()
.requestMatchers("/**").permitAll();
http.authorizeHttpRequests()
.requestMatchers("/admin/**").authenticated().anyRequest()
...
You should do something like :
...
http.authorizeHttpRequests()
.requestMatchers("/").permitAll()
.and().authorizeHttpRequests()
.requestMatchers("/admin/")
.authenticated().anyRequest()
...
You may refer to this [answer](https://stackoverflow.com/a/75516761/9462050)
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论