我正在开发一个Spring-MVC项目,我们使用Spring-Security进行身份验证和授权。在最近将Spring-security升级到4.0.1.RELEASE之后,出现了一些问题,但我能够通过更改项目中的一些内容来修复它们。现在,问题是我在下面使用的JSP标记不起作用:
<sec:authorize access="isAnonymous()">
<div class="registerNow btn btn-info btn-lg btn-regBut">
<spring:message code="index.promo.list.item5"/></div>
</sec:authorize>
但如果我用hasRole('ROLE_USER')替换上面的内容,那么它可以工作,但如果用户已经登录,则显示注册按钮没有任何意义。那么为什么即使IDE建议使用isAnonymous()它也不起作用,我应该传递什么参数来访问,以便未经过身份验证的用户只能看到该按钮。非常感谢。 : - )
security-applicationContext.xml:
<security:http pattern="/resources/**" security="none"/>
<security:http create-session="ifRequired" use-expressions="true" auto-config="false" disable-url-rewriting="true">
<security:form-login login-page="/login" username-parameter="j_username" password-parameter="j_password" login-processing-url="/j_spring_security_check" default-target-url="/dashboard" always-use-default-target="true" authentication-failure-url="/denied" />
<security:remember-me key="_spring_security_remember_me" user-service-ref="userDetailsService" token-validity-seconds="1209600" data-source-ref="dataSource"/>
<security:logout delete-cookies="JSESSIONID" invalidate-session="true" logout-url="/j_spring_security_logout"/>
<!-- <security:intercept-url pattern="/**" requires-channel="https"/> -->
<security:intercept-url pattern="/j_spring_security_check" access="permitAll" />
<security:port-mappings>
<security:port-mapping http="8080" https="8443"/>
</security:port-mappings>
<security:logout logout-url="/logout" logout-success-url="/" success-handler-ref="myLogoutHandler"/>
<security:session-management session-fixation-protection="migrateSession">
<security:concurrency-control session-registry-ref="sessionRegistry" max-sessions="5" expired-url="/login"/>
</security:session-management>
<security:csrf disabled="true"/>
</security:http>
<beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<beans:constructor-arg index="0" value="_spring_security_remember_me"/>
<beans:constructor-arg index="1" ref="userDetailsService"/>
<beans:constructor-arg index="2" ref="jdbcTokenRepository"/>
<property name="alwaysRemember" value="true"/>
</beans:bean>
<beans:bean id="jdbcTokenRepository"
class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
<beans:property name="createTableOnStartup" value="false"/>
<beans:property name="dataSource" ref="dataSource" />
</beans:bean>
<!-- Remember me ends here -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="LoginServiceImpl">
<security:password-encoder ref="encoder"/>
</security:authentication-provider>
</security:authentication-manager>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="LoginServiceImpl"/>
<beans:property name="passwordEncoder" ref="encoder"/>
</beans:bean>
</beans>