我在我的Web应用程序中使用Spring Framework和Spring安全性。 我想将用户注册表单集成到前端。我创建了jsp页面和控制器,并将页面链接到主页。但导航到该页面时,注册表单中的文本框字段将被禁用。我想知道spring-security对此负责,如果是,我必须在spring-security.xml中进行哪些配置
感谢。
这是我的代码
JSP页面
<jsp:include page="header-form.jsp">
<jsp:param name="title" value="Customer"/>
</jsp:include>
<body>
<div id="tableContainer-1">
<div id="tableContainer-2">
<form:form id="frmEdit" method="post" form action="" modelAttribute="customer">
<legend>Personal Information</legend>
<div class="form-group">
<label class="control-label">First Name</label>
<form:input path="firstName" class="form-control" type="text" required="true" size="40" maxlength="10"/>
</div>
<div class="form-group">
<label class="control-label">Last Name</label>
<form:input path="lastName" class="form-control" type="text" required="true" size="40" />
</div>
<c:if test="${screenMode == 'add'}">
<div class="form-group">
<label class="control-label">Country</label>
<form:select path="countryCode.id" id="countrylist" class="form-control">
<option value="">Select</option>
<form:options items="${countryList}" itemValue="id" itemLabel="countryDesc" />
</form:select>
</div>
</c:if>
<div class="form-group">
<label class="control-label">Contact No</label>
<form:input path="contactNo" class="form-control" type="text" required="true" size="40" />
</div>
<div class="form-group">
<label class="control-label">Email</label>
<form:input path="email" class="form-control" type="text" required="true" size="40" />
</div>
<div class="form-group">
<label class="control-label">NIC / PP / DL</label>
<form:input path="nicPpDl" class="form-control" type="text" required="true" size="40" />
</div>
<legend>Login Details</legend>
<div class="form-group">
<label class="control-label">User Name</label>
<form:input path="userName" class="form-control" type="text" required="true" size="20" />
</div>
<div class="form-group">
<label class="control-label">Pass Word</label>
<form:input path="password" class="form-control" type="text" required="true" size="20" />
</div>
<div class="form-group">
<label class="control-label">Confirm PassWord</label>
<form:input path="" class="form-control" type="text" required="true" size="40" />
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary">Save changes</button>
<button type="button" class="btn" onclick="onCancel()">Cancel</button>
</div>
</form:form>
</div>
</div>
</body>
弹簧security.xml文件
请注意/ cus / customer / list是注册表的网址。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<global-method-security secured-annotations="enabled" />
<!-- <http pattern="/cus/welcome/" security="none" />-->
<http pattern="/cus/" security="none" />
<http pattern="/cus/about" security="none" />
<http pattern="/cus/service" security="none" />
<http pattern="/cus/agent" security="none" />
<http pattern="/cus/contact" security="none" />
<http security="none" auto-config="true" use-expressions="true" pattern="/static/**" />
<http security="none" auto-config="true" use-expressions="true" pattern="/cus/customer/**" />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/cus/customer/list" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<form-login
login-page="/cus/" default-target-url="/index.jsp" always-use-default-target="true"
authentication-failure-url="/cus/"
/>
<!-- <logout
invalidate-session="true"
logout-success-url="/cus/"
logout-url="/cus/"/> -->
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="rajith" password="123" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder ref="passwordEncoder"/>
</authentication-provider>
</authentication-manager>
<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
<beans:bean id="customUserDetailsService" class="com.ontag.mcash.customer.web.service.impl.UserDetailsServiceImpl"/>
</beans:beans>
答案 0 :(得分:1)
最后我解决了这个问题。 问题在于春季安全问题。 Spring安全性限制了对ajax调用的访问,因为它未在spring-security.xml中配置以允许访问。 您需要将安全性设置为none,而不是每个页面和您正在请求的ajax调用。只需将两行添加到spring-security.xml中,并且一切正常。
<http pattern="/cus/" security="none" />
<http pattern="/cus/about" security="none" />
<http pattern="/cus/service" security="none" />
<http pattern="/cus/agent" security="none" />
<http pattern="/cus/contact" security="none" />
<http pattern="/cus/customer/signup" security="none" />
<http pattern="/cus/customer/register" security="none" />
<http pattern="/cus/customer/login" security="none" />
<http pattern="/cus/customer/validatePassword" security="none" />
<http pattern="/cus/customer/test.json" security="none" />
<http pattern="/cus/agent/list.json" security="none" />
<http security="none" auto-config="true" use-expressions="true" pattern="/static/**" />