Spring Security角色定义

时间:2015-03-23 08:53:02

标签: spring spring-security

当我尝试通过将用户名命名为&#34时进行身份验证; sumit1"密码为" 123"它将我重定向到登录错误页面,虽然我已经定义了与我为用户名定义的相同角色" sumit"

这是我的spring-security xml文件。 

<?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:security="http://www.springframework.org/schema/security"
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security 
       http://www.springframework.org/schema/security/spring-security-3.2.xsd">

     <!-- This is where we configure Spring-Security  -->
     <security:http auto-config="true" access-denied-page="/sumit/auth/denied.jsp" >


      <security:intercept-url pattern="/admin**" access="ROLE_ADMIN"/>
      <security:intercept-url pattern="/user**" access="ROLE_USER"/>
      <security:form-login authentication-failure-url="/sumit/auth/invalid.jsp"/>


      <!-- <security:form-login login-page="/sumit/auth/login.jsp"/> -->

      <security:logout logout-success-url="/index.jsp"/>

     </security:http>

     <!-- Declare an authentication-manager to use a custom userDetailsService -->
     <security:authentication-manager>
             <security:authentication-provider>
               <security:user-service><security:user name="sumit" password="123" authorities="ROLE_ADMIN"/></security:user-service>
               <security:user-service><security:user name="sumit1" password="123" authorities="ROLE_ADMIN"/></security:user-service>
             </security:authentication-provider>
     </security:authentication-manager>

     <!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database -->
     <bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

      <!-- An in-memory list of users. No need to access an external database layer.
          See Spring Security 3.1 Reference 5.2.1 In-Memory Authentication -->
      <!-- john's password is admin, while jane;s password is user  -->


    </beans>

1 个答案:

答案 0 :(得分:0)

正如Pavel在评论中提到的,你有两个<security:user-service>标签。您只需要一个,并可以在同一个用户下定义多个用户。

<security:authentication-manager>
             <security:authentication-provider>
               <security:user-service>
                  <security:user name="sumit" password="123" authorities="ROLE_ADMIN"/>
                  <security:user name="sumit1" password="123" authorities="ROLE_ADMIN"/>
               </security:user-service>
             </security:authentication-provider>
</security:authentication-manager>
相关问题
最新问题