0

Login issue on Secure a ZK Application with Spring Security

asked 2022-05-11 16:43:39 +0800

manchen gravatar image manchen
151 2

updated 2022-05-11 16:45:14 +0800

I follow this page

https://www.zkoss.org/wiki/ZKSpringEssentials/WorkingwithZKSpring/WorkingwithZKSpringSecurity/SecureaZKApplicationwithSpring_Security

but my login page is not work

this my java

package org.zkoss.zkspringboot.edc.config;

import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.zkoss.zkspringboot.edc.service.WebServiceAuthenticationProvider;

/* * This is an example of minimal configuration for ZK + Spring Security, we open as less access as possible to run a ZK-based application. * Please understand the configuration and modify it upon your requirement. */ @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private static final String ZUL_FILES = "/zkau/web//.zul"; private static final String ZKRESOURCES = "/zkres/"; // allow desktop cleanup after logout or when reloading login page private static final String REMOVEDESKTOPREGEX = "/zkau\?dtid=.*&cmd0=rmDesktop&.*";

/*
@Autowired
private WebServiceAuthenticationProvider authProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authProvider);
}
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // ZK already sends a AJAX request with a built-in CSRF token,
    // please refer to https://www.zkoss.org/wiki/ZK%20Developer's%20Reference/Security%20Tips/Cross-site%20Request%20Forgery
    http.csrf().disable();
    http.authorizeRequests()
        //.antMatchers(ZUL_FILES).denyAll() // block direct access to zul files
        .antMatchers(HttpMethod.GET, ZK_RESOURCES).permitAll() // allow zk resources
        .regexMatchers(HttpMethod.GET, REMOVE_DESKTOP_REGEX).permitAll() // allow desktop cleanup
        .requestMatchers(req -> "rmDesktop".equals(req.getParameter("cmd_0"))).permitAll() // allow desktop cleanup from ZATS
        .mvcMatchers("/","/login","/logout").permitAll()
        //.mvcMatchers("/secure").hasRole("USER")
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .loginPage("/login").defaultSuccessUrl("/main")
        .and()
        .logout().logoutUrl("/logout").logoutSuccessUrl("/login");
}

/**
 * Creates an {@link InMemoryUserDetailsManager} for demo/testing purposes only. DON'T use this in production, see: {@link User#withUserDetails}!
 * @return userDetailsService
 */
@Bean
@Override
public UserDetailsService userDetailsService() {
    UserDetails user =
            User.withDefaultPasswordEncoder()
                    .username("user")
                    .password("password")
                    .roles("USER")
                    .build();

    return new InMemoryUserDetailsManager(user);
}

}

browser console print error mesaage

image description

but I flush page is can work (F5)

delete flag offensive retag edit
Be the first one to answer this question!
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow

RSS

Stats

Asked: 2022-05-11 16:43:39 +0800

Seen: 2 times

Last updated: May 11

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More