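My basic Spring Security setup with in-memory authentication asks for credentials again when I access an intercept URL, even after logging in. My Spring configuration is as follows.
In web.xml: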
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
    <display-name>WOW-PORTAL</display-name>
    <welcome-file-list>
        <welcome-file>home.jsp</welcome-file>
    </welcome-file-list>
    <servlet>
        <servlet-name>DailyStatusReport</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>DailyStatusReport</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>
</web-app>
In DailyStatusReport-servlet.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    <context:component-scan base-package="org.WOW.*" />
    <mvc:annotation-driven/>
    <bean name="TestExecutionReport" class="MasterCraft.src.testReport.TestExecutionReport"/>
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/" />
        <property name="suffix" value=".jsp" />
    </bean>
</beans>
My Java configuration is:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("USER", "FOO");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                .loginPage("/login.do")
                .loginProcessingUrl("/login.do")
                .defaultSuccessUrl("/")
                .usernameParameter("custom_username")
                .passwordParameter("custom_password")
                .failureUrl("/login.do?error=true")
                .and()
            .logout().logoutUrl("/logout.do").logoutSuccessUrl("/login.do?logout=true")
                .and()
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("/reports/*.do").hasAnyAuthority("USER")
                .antMatchers("/schedule/*").hasAnyAuthority("FOO")
                .anyRequest().anonymous();
    }
}
My controller:
@RequestMapping(value="reports/addCoq",method=RequestMethod.GET)
public String getAddCOQScreen(){
    return "projectCOQ";
}

@RequestMapping(value="/login",method=RequestMethod.GET)
public String getLogincreen(){
    return "login";
}

@RequestMapping(value="/getCoq",method=RequestMethod.GET)
public String getAddCOQReportScreen(){
    return "COQReport";
}
After logging in, if I go to any intercepted URL, I am prompted with the login page again.
<%@ taglib uri="http://www.springframework.org/tags" prefix="spring"%>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<style>
.googleimage {
    margin: -15px -16px 1px -3px;
}
.userIcon {
    float : right !important
}
</style>
<nav class="navbar-fixed-top">
    <div class="container">
        <ul class="nav nav-pills" role="tablist">
            <link rel="shortcut icon" href="images/logo/favicon.ico" type="image/x-icon" />
            <li> <a target="_blank" href="#" class="googleimage">
            </a></li>
            <!-- <li> <img src="images/headerImages/cam.png"></li>
            <li><img src="images/headerImages/player.png"></li> -->
            <sec:authorize access="authenticated" var="authenticated"/>
            <c:choose>
                <c:when test="${authenticated}">
                    <li>
                        <p class="navbar-text">
                            Welcome
                            <sec:authentication property="name"/>
                            <a id="logout" href="#">Logout</a>
                        </p>
                        <form id="logout-form" action="<c:url value="/logout"/>" method="post">
                            <sec:csrfInput/>
                        </form>
                    </li>
                </c:when>
                <c:otherwise>
                    <a href="<spring:url value="/login.do"/>">Sign In</a>
                    <li class = "userIcon"><img src="images/headerImages/Account and Control.gif"></li>
                </c:otherwise>
            </c:choose>
            <li></li>
        </ul>
    </div>
</nav>
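Even the welcome user message does not appear in the header..

Answer 0 (score: 1)

Don't mix the two configurations. Choose one and stick with that choice. For example, you could use this Java configuration instead: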
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // roles() adds the "ROLE_" prefix itself and rejects names that already
        // start with it, so the full authority names are set with authorities().
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").authorities("ROLE_USER")
                .and()
                .withUser("admin").password("password").authorities("ROLE_USER", "ROLE_FOO");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                .loginPage("/login.do")
                .loginProcessingUrl("/login.do")
                .usernameParameter("custom_username")
                .passwordParameter("custom_password")
                .failureUrl("/login.do?error=true")
                .and()
            .csrf()
                .disable()
            .authorizeRequests()
                // hasAnyAuthority() compares the full authority string, prefix included
                .antMatchers("/reports/*").hasAnyAuthority("ROLE_USER")
                .antMatchers("/schedule/*").hasAnyAuthority("ROLE_USER", "ROLE_FOO")
                .anyRequest().anonymous();
    }
}
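
An added example, not part of the original question or answer: a Java-only setup in which the granted authority names and the URL rules line up, and in which the security filter chain is actually registered, since the web.xml above declares no filter. It assumes Spring Security 4.x on a Servlet 3.0 container with no other ContextLoaderListener; the class name SecurityWebApplicationInitializer and the method name configureGlobal are chosen here, and the two classes belong in separate files.

```java
// File 1: SecurityConfig.java (added example; assumes Spring Security 4.x)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            // Sample credentials from the question; roles("USER") grants "ROLE_USER".
            .withUser("user").password("password").roles("USER")
            .and()
            .withUser("admin").password("password").roles("USER", "FOO");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // hasRole("USER") checks for "ROLE_USER"; hasAnyAuthority("USER") would not match it.
                .antMatchers("/reports/*.do").hasRole("USER")
                .antMatchers("/schedule/*").hasRole("FOO")
                // permitAll() admits logged-in users too; anonymous() admits only users who are not logged in.
                .anyRequest().permitAll()
                .and()
            .formLogin()
                .loginPage("/login.do")
                .loginProcessingUrl("/login.do")
                .usernameParameter("custom_username")
                .passwordParameter("custom_password")
                .failureUrl("/login.do?error=true")
                .and()
            .logout()
                .logoutUrl("/logout.do")
                .logoutSuccessUrl("/login.do?logout=true");
        // CSRF stays enabled (the default): login and logout forms POST with <sec:csrfInput/>.
    }
}

// File 2: SecurityWebApplicationInitializer.java
// Registers springSecurityFilterChain for every request and loads SecurityConfig.
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    public SecurityWebApplicationInitializer() { super(SecurityConfig.class); }
}
```

With CSRF enabled, the logout form in the header JSP has to post to `/logout.do`, the URL configured in `logoutUrl`, rather than `/logout`.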