春季安全角色问题

时间:2013-12-10 23:52:25

标签: spring spring-security

我想要输入os用户(管理员和用户)

这是我的安全xml 

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true" use-expressions="true" access-denied-page="/jsp/static/deniedpage.jsp">
    <intercept-url pattern="/login" access="permitAll" />
    <intercept-url pattern="/jsp/static/**" access="isAuthenticated()" />
    <intercept-url pattern="/jsp/users/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/jsp/admin/**" access="hasRole('ROLE_ADMIN')" />
    <logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" />
    <form-login login-page="/login" default-target-url="/index" authentication-failure-url="/login?error=true" />
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username,password, enabled from Users where USERNAME=?"
            authorities-by-username-query="select u.username, ur.authority from USERS u, USER_ROLES ur where u.user_id= ur.user_id and u.username=?" />
    </authentication-provider>
</authentication-manager>
<global-method-security secured-annotations="enabled" />

这是我的LoginController 

@Controller

public class LoginController {

@RequestMapping(value = "/index", method = RequestMethod.GET)
public String accessUserPage(Model model) {
    model.addAttribute("message",
            "This page is publicly accessible. No authentication is required to view.");
    return "/users/menu";
}

@RequestMapping("/admin/menuAdmin")
public String accessSecuredPage(Model model) {
    model.addAttribute("message",
            "Only you are authenticated and authorized to view this page.");
    return "/admin/menuAdmin";
}

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {
    return "login";
}

@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
    model.addAttribute("error", "true");
    return "login";
}

@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
    return "login";
}

现在我每次登录时都会转到那条路径/ jsp / users / menu,即使它是Role_Admin

如你所见,我有不同的路径

<intercept-url pattern="/jsp/static/**" access="isAuthenticated()" />
<intercept-url pattern="/jsp/users/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/jsp/admin/**" access="hasRole('ROLE_ADMIN')" />

我的代码出了什么问题?登录工作但不是我想要的方式

由于

1 个答案:

答案 0 :(得分:1)

您的拦截网址错误。 该模式不应与jsp文件的路径匹配,而应与您的URL路径匹配。你应该写这样的东西。

<intercept-url pattern="/index" access="hasRole('ROLE_USER')">
<intercept-url pattern="/admin/menuAdmin" access="hasRole('ROLE_ADMIN')">
相关问题
最新问题