如何使用spring security在Spring xml中为一个特定URL定义ROLE_USER,ROLE_ADMIN IN?

时间:2016-05-12 11:15:47

标签: java spring jsp spring-mvc spring-security

  

我正在使用spring security来登录和注销多个用户   我用不同的卷设置了两个用户来访问dba url   admin和dba但我访问了Url 

http://localhost:8080/secu_fin_ano/dba
  

输入后,它会重定向到默认的弹簧登录表单   管理员的管理员名称和密码,其重定向页面为   / access-denied我已经在security.xml中定义了

     

security.xml的代码:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">


    <http auto-config="true" >
        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/home" access="permitAll" />
        <intercept-url pattern="/admin**" access="hasRole('ADMIN')" />
        <intercept-url pattern="/dba**" access="hasRole('ADMIN') and hasRole('DBA')" />
        <access-denied-handler error-page="/Access_Denied" />
        <form-login  authentication-failure-url="/Access_Denied" />
    </http>

    <authentication-manager >
        <authentication-provider>
            <user-service>
                <user name="bill"  password="abc123"  authorities="ROLE_USER" />
                <user name="admin" password="root123" authorities="ROLE_ADMIN" />
                <user name="dba"   password="root123" authorities="ROLE_ADMIN,ROLE_DBA" />
            </user-service>
        </authentication-provider>
    </authentication-manager>


</beans:beans>

0 个答案:

没有答案
相关问题
最新问题