I have a problem with Spring Security. This is my controller:

@Secured({ "user", "administrator" })
@RequestMapping("/profile")
public String profile(HttpServletRequest request) {
    return "profile";
}
When I use:

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="user" password="user" authorities="user" />
        </user-service>
    </authentication-provider>
</authentication-manager>
, log in as user and go to /profile, the profile page is shown. But when I use:

<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="SELECT LOGIN, PASSWORD, EMAIL FROM USER WHERE LOGIN=?"
            authorities-by-username-query="SELECT U.LOGIN, UT.NAME FROM USER U, USER_TYPE UT WHERE U.USER_TYPE_ID = UT.ID AND U.LOGIN =? " />
    </authentication-provider>
</authentication-manager>
, log in as user and go to /profile, the profile page is not shown (of course I register before logging in). This is part of my database script:

CREATE TABLE USER_TYPE
(
    ID SMALLINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    NAME VARCHAR(255) NOT NULL
);

CREATE TABLE USER
(
    ID BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    EMAIL VARCHAR(255) NOT NULL,
    LOGIN VARCHAR(255) NOT NULL,
    PASSWORD VARCHAR(255) NOT NULL,
    USER_TYPE_ID SMALLINT NOT NULL DEFAULT 2
);

ALTER TABLE USER
    ADD CONSTRAINT USER_ID_USER_TYPE
    FOREIGN KEY(USER_TYPE_ID) REFERENCES USER_TYPE(ID) ON DELETE CASCADE;

INSERT INTO USER_TYPE VALUES(1, 'administrator');
INSERT INTO USER_TYPE VALUES(2, 'user');
I really don't know what I am doing wrong. Please help me! Maybe it is because of my login page? A piece of code from my login controller:

@RequestMapping("/postLogin")
public String postLogin(HttpServletRequest request, @ModelAttribute("userDto") @Valid UserDTO userDto,
                        BindingResult result) throws Exception {
    HttpSession session = request.getSession();
    UserEntity user = dao.findByLoginAndPassword(userDto.getLogin(), SHA1Encoder.getEncodeWord(userDto.getPassword()));
    session.setAttribute("User", user);
    return "redirect:/home";
}

@RequestMapping("/")
public String welcome(Model model, HttpServletRequest request) {
    UserDTO user = new UserDTO();
    model.addAttribute("userDto", user);
    return "index";
}
A piece of code from my index.jsp page:

<form:form action="/Webapp/postLogin" method="POST" modelAttribute="userDto">
    <table>
        <tbody>
            <tr>
                <td>
                    <form:input type="text" path="login" value="" placeholder="Login"/>
                </td>
            </tr>
            <tr>
                <td>
                    <form:input type="password" path="password" value="" placeholder="Password"/>
                </td>
            </tr>
            <tr>
                <td>
                    <input type="submit" value="Log in" name="submit"/>
                </td>
            </tr>
        </tbody>
    </table>
</form:form>
This is my security-context.xml:

<http auto-config="true" use-expressions="true">
    <form-login login-page="/" default-target-url="/home"
        authentication-failure-url="/?error=1" username-parameter="login"
        password-parameter="password" />
    <logout logout-success-url="/signUp" />
    <csrf />
</http>
Change the login page:

<c:set var="loginUrl"><c:url value="/login"/></c:set>
<form:form action="${loginUrl}" method="POST" modelAttribute="userDto">
    <table>
        <tbody>
            <tr>
                <td>
                    <form:input type="text" path="login" value="" placeholder="Login"/>
                </td>
            </tr>
            <tr>
                <td>
                    <form:input type="password" path="password" value="" placeholder="Password"/>
                </td>
            </tr>
            <tr>
                <td>
                    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
                    <input type="submit" value="Log in" name="submit"/>
                </td>
            </tr>
        </tbody>
    </table>
</form:form>

and change the user_type.name values to ROLE_USER and ROLE_ADMIN, and use @Secured({"ROLE_USER", "ROLE_ADMINISTRATOR"}).
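As an added illustration (not code from the question or the answer above), this stand-alone Java snippet uses Spring Security's own RoleVoter to show why the original @Secured({"user", "administrator"}) never grants access: RoleVoter only handles attributes that start with the ROLE_ prefix, abstains on any other attribute, and the default AffirmativeBased decision manager behind <global-method-security> treats an all-abstain result as access denied. It assumes spring-security-core (5.x) is on the classpath and Java 9 or newer.

```java
import java.util.Collection;
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class RolePrefixDemo {

    // Cast a RoleVoter vote for a principal holding exactly one authority
    // (what the authorities-by-username-query returns) against one @Secured attribute.
    static int vote(String grantedAuthority, String securedAttribute) {
        Authentication auth = new UsernamePasswordAuthenticationToken(
                "user", "n/a", List.of(new SimpleGrantedAuthority(grantedAuthority)));
        Collection<ConfigAttribute> attrs = SecurityConfig.createList(securedAttribute);
        return new RoleVoter().vote(auth, new Object(), attrs);
    }

    static String describe(int vote) {
        switch (vote) {
            case AccessDecisionVoter.ACCESS_GRANTED: return "GRANTED";
            case AccessDecisionVoter.ACCESS_DENIED:  return "DENIED";
            default: return "ABSTAIN (AffirmativeBased denies when every voter abstains)";
        }
    }

    public static void main(String[] args) {
        // Original setup: USER_TYPE.NAME is "user" and @Secured({"user", ...}).
        // RoleVoter.supports() is false for "user" (no ROLE_ prefix), so it abstains.
        System.out.println("user      vs @Secured(\"user\")      -> " + describe(vote("user", "user")));

        // Corrected setup from the answer: ROLE_USER both in the table and in @Secured.
        System.out.println("ROLE_USER vs @Secured(\"ROLE_USER\") -> " + describe(vote("ROLE_USER", "ROLE_USER")));

        // Only one side renamed: the attribute is supported but no authority matches -> explicit deny.
        System.out.println("user      vs @Secured(\"ROLE_USER\") -> " + describe(vote("user", "ROLE_USER")));
    }
}
```

The same prefix rule explains why the in-memory <user authorities="user"/> variant appeared to work only if no prefixed check was in the path; both the database values and the annotation must carry the prefix (or the RoleVoter prefix must be reconfigured) for the vote to be counted.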