Question

我尝试将Spring Security用于具有3种用户的应用程序：管理员，员工和负责人。每个人必须在他的身份验证后重定向到他的jsp页面，这些页面被分组在一个文件夹中这是我的弹簧配置，但不起作用：

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true">
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/responsable*" access="ROLE_RESP" />
    <intercept-url pattern="/employee*" access="ROLE_EMP" />
</http>

 <authentication-manager>
  <authentication-provider>
    <user-service>
    <user name="admin" password="123456" authorities="ROLE_ADMIN" />
    <user name="resp" password="123456" authorities="ROLE_RESP" />
    <user name="emp" password="123456" authorities="ROLE_EMP" />
    </user-service>
   </authentication-provider>
  </authentication-manager>

  </beans:beans>

这是我的web.xml：

  <?xml version="1.0" encoding="UTF-8"?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns="http://java.sun.com/xml/ns/javaee"   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee     http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
   <display-name>projet</display-name>
   <welcome-file-list>

   <welcome-file>index.jsp</welcome-file>
   <welcome-file>responsable/responsable.jsp</welcome-file>
  <welcome-file>employee/employee.jsp</welcome-file>

    </welcome-file-list>
     <!-- Spring Security -->
   <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
  </filter>

    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

     <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener
    </listener-class>
   </listener>
   <!-- Loads Spring Security config file -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml
    </param-value>
 </context-param>

</web-app>

Answer 1

@sad，您正在尝试将spring security用作重新导演而不是其实际目的。您的春季安全定义意味着您授予不同用户不同级别的权利。因此，虽然管理员可以访问您应用的每个网址，但员工可能只能访问以/ employee URL开头的任何区域。实际的重定向将在您的Disptacher Servlet / Controller配置中发生。感谢。

弹簧安全认证

1 个答案: