Question

我是春天安全的新手。在Spring安全性中，页面不会根据intercept-url的角色进行渲染。无论角色是什么，default-target-url都会为每个请求呈现

这是我的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
  <display-name>bjgsecurity</display-name>

 <!-- The front controller of this Spring Web application, responsible for handling all application requests -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Map all requests to the DispatcherServlet for handling -->
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
          /WEB-INF/mvc-dispatcher-servlet.xml,  
         /WEB-INF/security-config.xml  
        </param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

   <filter>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
 </filter>  

 <filter-mapping>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <url-pattern>/*</url-pattern>  
 </filter-mapping>  

</web-app>

这是security-config.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
 http://www.springframework.org/schema/security  
 http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true">
        <access-denied-handler error-page="/403page" />
        <intercept-url pattern="/admin**" access="ROLE_ADMIN"/>
        <intercept-url pattern="/user**" access="ROLE_USER"/>
        <form-login login-page='/login' username-parameter="username"
            password-parameter="password" default-target-url="/user"
            authentication-failure-url="/login?authfailed" />
        <logout logout-success-url="/login?logout" />
    </http>

    <!-- <authentication-manager> <authentication-provider> <user-service> <user 
        name="user" password="user@123" authorities="ROLE_ADMIN" /> </user-service> 
        </authentication-provider> </authentication-manager> -->

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select username,password, enabled from users where username=?"
                authorities-by-username-query="select username, role from user_roles where username =?  " />
        </authentication-provider>
    </authentication-manager>

</beans:beans>

这是我的控制器

package com.model.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class LoginController 
{
    @RequestMapping("login")
    public ModelAndView getLoginForm(@RequestParam(required=false) String authfailed, String logout, String denied) 
    {

        String message="";

        if(authfailed != null)
        {
            message="invalid username of password. plz try again!";
        }
        else if (logout != null) {
            message="Loged Out Successfully.. login again to continue !";
        }
         else if (denied != null) {  
               message = "Access denied for this user !";  
        }  
        return new ModelAndView("login", "message", message);
    }
    @RequestMapping("user")
    public String getUserPage() 
    {
        return "user";
    }
    @RequestMapping("admin")
    public String getAdminPage() {

        return "admin";
    }
    @RequestMapping("403page")
    public String get403denied() {

        return "redirect:login?denied";
    }

}

我的代码有什么问题

Answer 1

将 / （斜杠）放入@RequestMapping

<强> @RequestMapping（＆＃34; /管理＆＃34）

而不是

@RequestMapping（＆＃34; admin＆＃34;）

为所有@RequestMapping做。

在security-config.xml

中

<intercept-url pattern="/admin" access="ROLE_ADMIN"/>

<intercept-url pattern="/user" access="ROLE_USER"/>

而不是

<intercept-url pattern="/admin**" access="ROLE_ADMIN"/>

<intercept-url pattern="/user**" access="ROLE_USER"/>

在spring security中不显示相应的页面

1 个答案: