Tags
People
Badges
Help-
CORE FRAMEWORK
FEATURED COMPONENTS
-
RESOURCES
-
LEARN ZK
RESOURCES
I follow this page
but my login page is not work
this my java
package org.zkoss.zkspringboot.edc.config;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.zkoss.zkspringboot.edc.service.WebServiceAuthenticationProvider;
/* * This is an example of minimal configuration for ZK + Spring Security, we open as less access as possible to run a ZK-based application. * Please understand the configuration and modify it upon your requirement. */ @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private static final String ZUL_FILES = "/zkau/web//.zul"; private static final String ZKRESOURCES = "/zkres/"; // allow desktop cleanup after logout or when reloading login page private static final String REMOVEDESKTOPREGEX = "/zkau\?dtid=.*&cmd0=rmDesktop&.*";
/*
@Autowired
private WebServiceAuthenticationProvider authProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// ZK already sends a AJAX request with a built-in CSRF token,
// please refer to https://www.zkoss.org/wiki/ZK%20Developer's%20Reference/Security%20Tips/Cross-site%20Request%20Forgery
http.csrf().disable();
http.authorizeRequests()
//.antMatchers(ZUL_FILES).denyAll() // block direct access to zul files
.antMatchers(HttpMethod.GET, ZK_RESOURCES).permitAll() // allow zk resources
.regexMatchers(HttpMethod.GET, REMOVE_DESKTOP_REGEX).permitAll() // allow desktop cleanup
.requestMatchers(req -> "rmDesktop".equals(req.getParameter("cmd_0"))).permitAll() // allow desktop cleanup from ZATS
.mvcMatchers("/","/login","/logout").permitAll()
//.mvcMatchers("/secure").hasRole("USER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").defaultSuccessUrl("/main")
.and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/login");
}
/**
* Creates an {@link InMemoryUserDetailsManager} for demo/testing purposes only. DON'T use this in production, see: {@link User#withUserDetails}!
* @return userDetailsService
*/
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user =
User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
browser console print error mesaage
but I flush page is can work (F5)
Asked: 2022-05-11 16:43:39 +0800
Seen: 2 times
Last updated: May 11