我的要求非常简单:
思考自己不应该太难。我之前做过这个,但是自己编程。这次我们正在做一个新项目,我决定试一试。
除了我在项目spring安全依赖项中使用的spring依赖项:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${org.springsecurity-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springsecurity-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${org.springsecurity-version}</version>
</dependency>
${org.springsecurity-version}为3.0.4.RELEASE的位置。这是我web.xml的重要部分:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:security-app-context.xml
/WEB-INF/spring/root-context.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我的security-app-context.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http once-per-request="false" auto-config="false">
<!-- All other resources to require users to have user role USER_ROLE to view -->
<intercept-url pattern="/*" access="ROLE_USER" />
<!-- Don't apply any filters to the login form either, we want unauthenticated users to be able to see this -->
<intercept-url pattern="/login" filters="none" />
<anonymous />
<http-basic />
<form-login login-page="/login"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="myUserDetailsService" />
</authentication-manager>
<!-- I've defined a custom UserDetails service to lookup users in my db using me own implementation -->
<beans:bean id="myUserDetailsService" class="fully.qualified.class.name.MyUserDetailsService">
<!--<beans:property name="userServ" ref="UserService" /> -->
</beans:bean>
</beans:beans>
这是我的控制器(显示我只想登录用户看到的仪表板页面):
@Controller
@RequestMapping("main")
public class DashboardController {
@RequestMapping("start")
public String getDashboard(){
return "dashboard";
}
}
我的登录控制器(显示登录的方法):
@RequestMapping("/login")
public String getLogin(){
return "login";
}
我没有例外。这不是我上面描述的方式。只有不能正常工作的东西,我才能打开登录页面。我收到消息说无法找到。但是当我将登录控制器方法更改为:
时@RequestMapping("/login/me")
public String getLogin(){
return "login";
}
我的登录页面已打开。我不确定我做错了什么。我发现了几页,每一页都有一些东西,但我无法接受。我看了看:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html http://blog.richardadamdean.com/?p=213 https://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html http://springinpractice.com/2008/10/11/hashing-and-salting-passwords-with-spring-security-2/ http://www.codercorp.com/blog/spring/security-spring/writing-custom-userdetailsservice-for-spring-security.html http://static.springsource.org/spring-security/site/tutorial.html
感谢您的任何提示!
答案 0 :(得分:2)
我使用Spring Security已有几年了,但有一个ROLE_ANONYMOUS或类似的东西,未经身份验证的用户可以获得,你应该在安全XML中分配给你的登录页面。
此外,我会将包含登录访问权限的行移动到通用/ *之上,因为我认为它是先到先得的。这一切都是基于生锈的记忆,所以如果不好就道歉。