Question

我在我的Web应用程序中使用Spring Framework和Spring安全性。我想将用户注册表单集成到前端。我创建了jsp页面和控制器，并将页面链接到主页。但导航到该页面时，注册表单中的文本框字段将被禁用。我想知道spring-security对此负责，如果是，我必须在spring-security.xml中进行哪些配置

感谢。

这是我的代码

JSP页面

<jsp:include page="header-form.jsp">
<jsp:param name="title" value="Customer"/>
</jsp:include>

<body>
<div id="tableContainer-1">
<div id="tableContainer-2">
    <form:form id="frmEdit" method="post" form action=""  modelAttribute="customer">
    <legend>Personal Information</legend>
        <div class="form-group">
            <label class="control-label">First Name</label>
            <form:input path="firstName" class="form-control" type="text" required="true" size="40" maxlength="10"/>
        </div>
        <div class="form-group">
            <label class="control-label">Last Name</label>
            <form:input path="lastName" class="form-control" type="text" required="true" size="40" />
        </div>
        <c:if test="${screenMode == 'add'}"> 
            <div class="form-group">
                <label class="control-label">Country</label>

                <form:select path="countryCode.id" id="countrylist" class="form-control">
                          <option value="">Select</option>
                          <form:options items="${countryList}" itemValue="id" itemLabel="countryDesc" />
                </form:select>
            </div>
        </c:if>
        <div class="form-group">
            <label class="control-label">Contact No</label>
            <form:input path="contactNo" class="form-control" type="text" required="true" size="40" />
        </div>

        <div class="form-group">
            <label class="control-label">Email</label>
            <form:input path="email" class="form-control" type="text" required="true" size="40" />
        </div>


        <div class="form-group">
            <label class="control-label">NIC / PP / DL</label>
            <form:input path="nicPpDl" class="form-control" type="text" required="true" size="40" />
        </div>


        <legend>Login Details</legend>

        <div class="form-group">
            <label class="control-label">User Name</label>
            <form:input path="userName" class="form-control" type="text" required="true" size="20" />
        </div>


        <div class="form-group">
            <label class="control-label">Pass Word</label>
            <form:input path="password" class="form-control" type="text" required="true" size="20" />
        </div>

        <div class="form-group">
            <label class="control-label">Confirm PassWord</label>
            <form:input path="" class="form-control" type="text" required="true" size="40" />
        </div>


        <div class="form-actions">
            <button type="submit" class="btn btn-primary">Save changes</button>
            <button type="button" class="btn" onclick="onCancel()">Cancel</button>
        </div>      
    </form:form>

</div>
</div>
</body>

弹簧security.xml文件

请注意/ cus / customer / list是注册表的网址。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
                             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                       http://www.springframework.org/schema/security
                       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<global-method-security secured-annotations="enabled" />



<!-- <http pattern="/cus/welcome/" security="none" />-->

<http pattern="/cus/" security="none" />
<http pattern="/cus/about" security="none" />
<http pattern="/cus/service" security="none" />
<http pattern="/cus/agent" security="none" />
<http pattern="/cus/contact" security="none" />
<http security="none" auto-config="true" use-expressions="true" pattern="/static/**" />
<http security="none" auto-config="true" use-expressions="true" pattern="/cus/customer/**" />
<http auto-config="true" use-expressions="true">


    <intercept-url pattern="/cus/customer/list"  access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <form-login 
          login-page="/cus/" default-target-url="/index.jsp" always-use-default-target="true"
            authentication-failure-url="/cus/"
            />

   <!-- <logout
            invalidate-session="true" 
           logout-success-url="/cus/" 
        logout-url="/cus/"/> -->

</http>


<authentication-manager>
  <authentication-provider>
    <user-service>
        <user name="rajith" password="123" authorities="ROLE_USER" />

    </user-service>
  </authentication-provider>
</authentication-manager>
<authentication-manager> 
   <authentication-provider user-service-ref="customUserDetailsService">
        <password-encoder ref="passwordEncoder"/> 
    </authentication-provider>
</authentication-manager> 

<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

<beans:bean id="customUserDetailsService" class="com.ontag.mcash.customer.web.service.impl.UserDetailsServiceImpl"/> 




</beans:beans>

Answer 1

最后我解决了这个问题。问题在于春季安全问题。 Spring安全性限制了对ajax调用的访问，因为它未在spring-security.xml中配置以允许访问。您需要将安全性设置为none，而不是每个页面和您正在请求的ajax调用。只需将两行添加到spring-security.xml中，并且一切正常。

<http pattern="/cus/" security="none" />
<http pattern="/cus/about" security="none" />
<http pattern="/cus/service" security="none" />
<http pattern="/cus/agent" security="none" />
<http pattern="/cus/contact" security="none" />
<http pattern="/cus/customer/signup" security="none" />
<http pattern="/cus/customer/register" security="none" />
<http pattern="/cus/customer/login" security="none" />
<http pattern="/cus/customer/validatePassword" security="none" />
<http pattern="/cus/customer/test.json" security="none" />
<http pattern="/cus/agent/list.json" security="none" />
<http security="none" auto-config="true" use-expressions="true" pattern="/static/**"     />

如何将用户注册表与Spring安全性集成

1 个答案: