在spring security中使用http get方法访问资源,如localhost:8090 / MyProject / admin / createProfile.html?j_username = admin& j_password = admin

时间:2014-09-23 15:34:55

标签: spring-security

这是我的安全配置文件,Any Idea如何实现这个?从最近3天开始,我正在研究这个问题,但没有得到解决方案。非常感谢您的帮助。 

    <http access-denied-page="/WEB-INF/pages/accessdenied.jsp"
        auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
        <logout invalidate-session="true" logout-success-url="/logout.html" delete-cookies="JSESSIONID" />
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/admin/**" method = "GET" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/welcome.html" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="testFilter" />
    </http>

    <beans:bean id="testFilter"
        class="com.test.dev..PreUsernamePasswordAuthenticationFilter">
        <beans:property name="postOnly" value="false" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="authenticationFailureHandler" ref="failureHandler" />
        <beans:property name="authenticationSuccessHandler" ref="successHandler" />
    </beans:bean>

    <beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/welcome.html" />
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
    </beans:bean>

    <beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/loginfailed.html" />
    </beans:bean>

    <beans:bean id="loginUrlAuthenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login.html" />
    </beans:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userDetailsService">
        </authentication-provider>
    </authentication-manager>

    <security:global-method-security
        secured-annotations="enabled" jsr250-annotations="enabled"
        pre-post-annotations="enabled">
    </security:global-method-security>

1 个答案:

答案 0 :(得分:-1)

您可以在web.xml文件中添加此过滤器,并将spring security.xml文件导入application-context.xml文件。????????????????

&#13;
&#13; 
 <filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter>
&#13;
&#13;
&#13;

相关问题
最新问题