@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Bean
public UserDetailsService userDetailsService() {
return new CustomUserDetailsService();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public ProviderManager authenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(userDetailsService());
return new ProviderManager(provider);
}
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
return new HttpStatusReturningLogoutSuccessHandler();
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authz) -> authz
.anyRequest()
.permitAll()
)
.httpBasic(withDefaults());
return http.build();
}
}
@RestController
@RequestMapping("/users")
public class UserController {
/**
* The {@code UserService} object that is used to access the business logic of the user-related operations.
*/
@Autowired
private UserService userService;
/**
* This method is used to display the home page of the Quiz Game application.
* @return The name of the HTML file that is used to display the home page.
*/
@GetMapping("/")
public String viewHomePage() {
return "index";
}
/**
* This method is used to display the registration form for new users.
* @param model The model object that is used to pass data to the view.
* @return The name of the HTML file that is used to display the registration form.
*/
@GetMapping("/register")
public String showRegistrationForm(Model model) { // Das Model-Objekt ist aus dem Spring-Framework importiert. Es gibt noch ein anderes Model-Objekt, das aus dem Thymeleaf-Framework importiert werden kann.
model.addAttribute("user", new User());
return "authentication/signup_form";
}
/**
* This method is used to process the registration form for new users.
* It is called when the user clicks the "Register" button on the registration form.
* @param user The {@code User} object that is used to store the data entered by the user.
* @return The name of the HTML file that is used to display the result of the registration process.
*/
@PostMapping("/process_register")
public String processRegistration(User user) {
return userService.registerUser(user) ? "authentication/register_success" : "authentication/register_fail";
}
@GetMapping("/game")
public String viewGame(){
return "game/demo";
}
@PostMapping("/login")
public String login(@ModelAttribute User user) {
return "login";
}
}
我目前正在为测验游戏应用程序设置 Spring Security。我已经在 UserController 中实现了登录和注册功能,但遇到了一些问题。感谢您在解决以下问题时提供的任何帮助:
我已经在 UserController 中实现了一个登录端点,并且我正在使用 Thymeleaf 来呈现登录表单。
如何使用我的控制器正确过滤登录和注册?
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests((authz) -> authz.requestMatchers("/users/register","/users/login","/users/process_register").permitAll()
.anyRequest().authenticated()
)
.httpBasic(Customizer.withDefaults());
return http.build();
}