我在Spring项目中使用Spring Security。以下是我的springSecurityConfiguration.xml文件。尝试使用正确的凭据登录后,页面重定向到
请注意,它超出了我的应用程序,这是恐怖电影。 custom_login页面显示在
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true" use-expressions="true">
<security:expression-handler ref="expressionHandler" />
<security:intercept-url pattern="/admin/*"
access="hasIpAddress('127.0.0.1')
and (isAnonymous() ? false : principal.lastname== 'Scarioni') and over18" />
<security:intercept-url pattern="/movies/**/*"
access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/movies/*"
access="hasAnyRole('ROLE_USER','ROLE_VIP')" />
<security:intercept-url pattern="/j_spring_security_switch_user"
access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/j_spring_security_exit_user"
access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/custom_login"
requires-channel="https" />
<security:intercept-url pattern="/j_spring_security_check"
requires-channel="https" />
<security:remember-me key="terror-key" />
<security:logout delete-cookies="JSESSIONID"
success-handler-ref="logoutRedirectToAny" />
<security:custom-filter ref="switchUser"
before="FILTER_SECURITY_INTERCEPTOR" />
<security:form-login login-page="/custom_login"
authentication-failure-handler-ref="serverErrorHandler"
username-parameter="user_param" password-parameter="pass_param" />
<security:session-management>
<security:concurrency-control
max-sessions="1" />
</security:session-management>
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="inMemoryUserServiceWithCustomUser" />
</security:authentication-manager>
<bean id="switchUser"
class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
<property name="userDetailsService" ref="inMemoryUserServiceWithCustomUser" />
<property name="targetUrl" value="/" />
</bean>
<bean id="expressionHandler"
class="com.apress.pss.terrormovies.security.CustomWebSecurityExpressionHandler" />
<bean id="inMemoryUserServiceWithCustomUser"
class="com.apress.pss.terrormovies.spring.CustomInMemoryUserDetailsManager">
<constructor-arg>
<list>
<bean class="com.apress.pss.terrormovies.model.User">
<constructor-arg value="admin" />
<constructor-arg value="admin" />
<constructor-arg>
<list>
<bean
class="org.springframework.security.core.authority.SimpleGrantedAuthority">
<constructor-arg value="ROLE_ADMIN" />
</bean>
</list>
</constructor-arg>
<constructor-arg value="Scarioni" />
<constructor-arg value="19" />
</bean>
<bean class="com.apress.pss.terrormovies.model.User">
<constructor-arg value="paco" />
<constructor-arg value="tous" />
<constructor-arg>
<list>
<bean
class="org.springframework.security.core.authority.SimpleGrantedAuthority">
<constructor-arg value="ROLE_USER" />
</bean>
</list>
</constructor-arg>
<constructor-arg value="Miranda" />
<constructor-arg value="20" />
</bean>
<bean class="com.apress.pss.terrormovies.model.User">
<constructor-arg value="lucas" />
<constructor-arg value="fernandez" />
<constructor-arg>
<list>
<bean
class="org.springframework.security.core.authority.SimpleGrantedAuthority">
<constructor-arg value="ROLE_VIP" />
</bean>
<bean
class="org.springframework.security.core.authority.SimpleGrantedAuthority">
<constructor-arg value="ROLE_USER" />
</bean>
</list>
</constructor-arg>
<constructor-arg value="Silva" />
<constructor-arg value="20" />
</bean>
</list>
</constructor-arg>
</bean>
<bean id="logoutRedirectToAny"
class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="targetUrlParameter" value="redirectTo" />
</bean>
<bean id="serverErrorHandler"
class="com.apress.pss.terrormovies.security.ServerErrorFailureHandler" /></beans>
答案 0 :(得分:1)
在你的
中<security:form-login>
标记,添加以下内容,以便应用程序知道在成功登录尝试时重定向的位置:
default-target-url="/movies"
答案 1 :(得分:1)
检查您的登录表单配置。我想有一些像“defaultSuccessUrl”缺失的东西......
“先生,它与其他弹簧安全配置文件一起运行良好。 - Ankit昨天”
确定;您的欢迎文件/控制器中是否有指向登录页面的重定向?
“是的先生。有重定向登录”
如果我是对的,这可能是你的问题。在我的spring应用程序中,我的welcome-file(index.html)指向我的仪表板页面而不是我的登录页面。当用户未经过身份验证时,通过拦截器的自动重定向到达登录页面。