Question

我正在开发一个使用SS进行角色管理的webapp。当我尝试以管理员身份登录时，它工作正常，但问题是当我想以用户身份登录时，我不想这样做。任何想法PLZ

这是我的security-cpntext.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                http://www.springframework.org/schema/security 
                http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- We will be defining all security related configurations in this file -->
<http pattern="/login" security="none" />

<http use-expressions="true" >
        <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/login" access="permitAll" />  
        <intercept-url pattern="/index" access="hasRole('Admin')"/>
        <form-login login-page="/login" default-target-url="/index" authentication-failure-url="/login"/> <!-- We will just use the built-in form login page in Spring -->
        <access-denied-handler error-page="/login" />
        <!-- <intercept-url pattern="/**" access="isAuthenticated()"/>  --><!--   this means all URL in this app will be checked if user is authenticated -->
        <logout logout-url="/logout" logout-success-url="/index"/> <!-- the logout url we will use in JSP -->
</http>

<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsService" ></beans:property>

</beans:bean>

<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="daoAuthenticationProvider"/>
        </beans:list>
    </beans:property>
</beans:bean>

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="md5"></password-encoder>
    </authentication-provider>
</authentication-manager>

Answer 1

我可以看到这里可能导致问题的两个潜在问题。

1）您为hasRole('Admin')指定了/index。如果角色名称为Admin，则应指定hasRole('ROLE_Admin')。

2）您的配置中存在重复。 <authentication-manager>告诉Spring安全性创建一个ProviderManager实例。所以你已经声明了这一点，但是你也手动将ProviderManager指定为一个重复<authentication-manager>所做的bean实例。删除以下内容：

<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsService" ></beans:property>

</beans:bean>

<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="daoAuthenticationProvider"/>
        </beans:list>
    </beans:property>
</beans:bean>

然后离开：

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="md5"></password-encoder>
    </authentication-provider>
</authentication-manager>

试一试，看看你得到了什么。

春季安全

1 个答案: