我使用以下配置的spring security。每当我尝试访问根网址,即' /'时,我需要进行' /验证'。有人可以告诉我我错过了什么吗?
<http auto-config='true' use-expressions='true'>
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/verify" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/signup" access="permitAll" />
<intercept-url pattern="/admin/**" access="hasAnyRole('SUPER','ADMIN')" />
<intercept-url pattern="/**" access="isAuthenticated()"/>
<form-login login-page="/verify" default-target-url="/home"
username-parameter="user_email" password-parameter="user_password"
always-use-default-target="true" authentication-failure-url="/verify"
authentication-success-handler-ref="authSuccessHandler" />
<logout logout-success-url="/logout" logout-url="/logoutuser" />
<headers>
<cache-control />
<hsts />
</headers>
</http>
我的控制器
@Controller
public class VerifyController {
@RequestMapping(value = "/verify")
public String userVerification() {
return "index";
}
}
答案 0 :(得分:0)
看来你是网址模式&#34; / **&#34;指示SS运行isAuthenticated()
是否可以触发重定向到/ verify?
答案 1 :(得分:0)
我无法确定它,但一个常见的陷阱是忘记允许访问公共HTML或JSP页面(最终通过控制器)使用的资源文件,图像,css或js。
如果是您的问题,我的建议是将它们放在resources文件夹下,或者放在images,css和js文件夹下,并添加相应的文件夹Spring Security配置中的行:
<http auto-config='true' use-expressions='true'>
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/images/**" access="permitAll" />
<intercept-url pattern="/css/**" access="permitAll" />
...
</http>