How to restrict opening all JSP pages except the login page without authenticating the user?

Time: 2014-04-20 09:27:56

Tags: jsp spring-security

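Hi, I am new to Spring MVC. I tried to design a login page using the Spring Security module. It authenticates correctly and forwards to the common page. On the other hand, if I access the URL host/testApp/krams/main/common directly, it opens without login. I tried using "method = RequestMethod.POST", but then I get an error like "HTTP Status 405 - Request method 'GET' not supported". All my JSP pages are under WEB-INF because I don't want any page to be directly accessible without login. Please help me understand this concept. Please see the code below.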

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String getLoginPage(@RequestParam(value="error", required=false) boolean error, 
        ModelMap model) {
    logger.debug("Received request to show login page");
    if (error == true) {
        // Assign an error message
        model.put("error", "You have entered an invalid username or password!");
    } else {
        model.put("error", "");
    }       
    return "loginpage";
}


@RequestMapping(value = "/common", method = RequestMethod.POST)
public String getCommonPage() {
    logger.debug("Received request to show common page");

    System.out.println("---------From  getCommonPage ---------");

    // This will resolve to /WEB-INF/jsp/commonpage.jsp
    return "commonpage";
}


<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >

    <security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
    <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>
    <security:form-login
            login-page="/krams/auth/login" 
            authentication-failure-url="/krams/auth/login?error=true" 
            default-target-url="/krams/main/common"/>           
    <security:logout 
            invalidate-session="true" 
            logout-success-url="/krams/auth/login" 
            logout-url="/krams/auth/logout"/>

</security:http>

1 answer:

Answer 0: (score: 0)

For authentication, see here

AuthenticationInterceptor.java

package com.sivalabs.web.controllers;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.sivalabs.entities.User;

// Runs before every handler; redirects to the login page when the session has no logged-in user.
@Component
public class AuthenticationInterceptor extends HandlerInterceptorAdapter
{
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception
    {
        String uri = request.getRequestURI();
        // Skip the check for the login and logout URLs themselves
        if (!uri.endsWith("login.do") && !uri.endsWith("logout.do"))
        {
            User userData = (User) request.getSession().getAttribute("LOGGEDIN_USER");
            if (userData == null)
            {
                // No logged-in user in the session: send the browser to the login page
                response.sendRedirect("login.do");
                return false;
            }
        }
        return true;
    }
}

WEB-INF/dispatcher-servlet.xml

 <beans>

 <context:annotation-config/>
 <context:component-scan base-package="com.sivalabs"/>

 <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/>
 <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
  <property name="interceptors">
    <ref bean="authenticationInterceptor"/>
  </property>
 </bean>

 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"
  p:prefix="/WEB-INF/jsp/" p:suffix=".jsp"/>
</beans>

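Now, if we try to access any other URL without logging in to the application, it will automatically redirect to the login page.

For authorization you can use UserRoleAuthorizationInterceptor

See here

Usage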

 <bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping">
    <property name="interceptors" ref="authorizationInterceptor"/>
 </bean>

 <bean id="authorizationInterceptor" 
     class="org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor">
   <property name="authorizedRoles" value="administrator,operator"/>
 </bean>