我的问题!为什么一旦管理员或用户登录后,他们就无法访问他们的仪表板。它更新页面“/”或“/ home”,但不会 到UserDashboards或AdminDashboards ?! 我正在尝试使用Spring安全性和DB()为应用程序配置Spring启动。 我在home.jsp中有登录表单。用户可以在模态窗口中登录或注册我的网站。 我只会告诉你home.jsp的一部分
<!-- Header -->
<li><a href="#contact" class="smoothScroll"><spring:message code="nav.section.link5"/></a></li>
<c:if test="${email == null}">
<li><a href="" class="smoothScroll" data-toggle="modal" data-target="#modal-1"><spring:message code="nav.section.link6"/></a></li>
<li><a href="" class="smoothScroll" data-toggle="modal" data-target="#modal-2"><spring:message code="nav.section.link9"/></a></li>
</c:if>
<c:if test="${email != null}">
<li><a href="/dashboards" class="smoothScroll">${email}</a></li>
<li><a href="/accountLogout" class="smoothScroll"><spring:message code="nav.section.link10"></spring:message></a> </li>
</c:if>
<!-- modal login
================================================== -->
<div class="modal" id="modal-1">
<div class="modal-dialog modal-sm">
<div class="modal-content">
<div class="modal-body">
<div class="btn-group btn-group-justified" role="group" aria-label="...">
<div class="btn-group" role="group">
<button type="button" class="btn btn-default active"><spring:message code="nav.section.link6"/></button>
</div>
<div class="btn-group" role="group">
<button type="button" class="btn btn-default" data-toggle="modal" data-target="#modal-2" data-dismiss="modal"><spring:message code="nav.section.link9"/></button>
</div>
</div>
</div>
<div class="modal-footer">
<div align="center">
<ul class="sign-social-icon">
<li><a href="/facebookLogin" class="fa fa-facebook wow fadeIn sign-facebook" data-wow-delay="0.3s"></a></li>
<li><a href="/twitterLogin" class="fa fa-twitter wow fadeIn sign-twitter" data-wow-delay="0.6s"></a></li>
<li><a href="/linkedinLogin" class="fa fa-linkedin wow fadeIn sign-linkedin" data-wow-delay="0.9s"></a></li>
<li><a href="/googleLogin" class="fa fa-google-plus wow fadeIn sign-google" data-wow-delay="1.2s"></a></li>
</ul>
</div>
<div class="or">
<p><spring:message code="modal.section.h3"/></p>
</div >
<form:form method="post" action="/userLogin" id="contact-formL" class="form-horizontal">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<div class="control-group controls">
<input type="email" class="reg" placeholder="<spring:message code="modal.section.h6"/>" name="email" id="emailL" value="${dto.email}">
</div>
<div class="control-group controls ">
<input type="password" class="reg" id="passwordL" placeholder="<spring:message code="modal.section.h7"/>" name="password" value="${dto.password}" >
</div>
<div class="sign form-actions">
<input role="button" type="submit" class="btn btn-primary btn-block" value="<spring:message code="nav.section.link6"/>">
</div>
</form:form>
<%--<div class="fmp">--%>
<%--<a><spring:message code="modal.section.h4"/></a>--%>
<%--</div>--%>
</div>
</div>
</div>
</div>
<!-- modal registration
================================================== -->
<div class="modal" id="modal-2">
<div class="modal-dialog modal-sm">
<div class="modal-content">
<div class="modal-body">
<div class="btn-group btn-group-justified" role="group" aria-label="...">
<div class="btn-group" role="group">
<button type="button" class="btn btn-default" data-toggle="modal" data-target="#modal-1" data-dismiss="modal" ><spring:message code="nav.section.link6"/></button>
</div>
<div class="btn-group" role="group">
<button type="button" class="btn btn-default active"><spring:message code="nav.section.link9"/></button>
</div>
</div>
</div>
<div class="modal-footer">
<div align="center">
<ul class="sign-social-icon">
<li><a href="/facebookLogin" class="fa fa-facebook wow fadeIn sign-facebook" data-wow-delay="0.3s"></a></li>
<li><a href="/twitterLogin" class="fa fa-twitter wow fadeIn sign-twitter" data-wow-delay="0.6s"></a></li>
<li><a href="/linkedinLogin" class="fa fa-linkedin wow fadeIn sign-linkedin" data-wow-delay="0.9s"></a></li>
<li><a href="/googleLogin" class="fa fa-google-plus wow fadeIn sign-google" data-wow-delay="1.2s"></a></li>
</ul>
</div>
<div class="or">
<p><spring:message code="modal.section.h3"/></p>
</div>
<form:form action="/saveUser" modelAttribute="dto" name="myForm" id="contact-form" class="form-horizontal">
<div class="control-group controls">
<input type="email" class="reg" placeholder="<spring:message code="modal.section.h6"/>" name="email" id="email" value="${dto.email}">
</div>
<div class="control-group controls ">
<input type="password" class="reg" id="password" placeholder="<spring:message code="modal.section.h7"/>" name="password" value="${dto.password}" >
</div>
<div class="control-group controls">
<input type="password" class="reg" id="conf" placeholder="<spring:message code="modal.section.h8"/>" name="conf">
</div>
<div class="sign form-actions">
<input role="button" type="submit" class="btn btn-primary btn-block" value="<spring:message code="nav.section.link9"/>">
</div>
</form:form>
<div class="policy">
<spring:message code="modal.section.h5"/> </div>
</div>
</div>
</div>
</div>
这是我在HomeController.class中的登录方法:
@RequestMapping(value = "/userLogin", method = RequestMethod.POST)
public String updateOne(@RequestParam(required = true) String email, @RequestParam(required = true) String password, HttpServletRequest request) throws SQLException {
HttpSession session = request.getSession();
User user = userService.getByEmail(email);
System.out.println("проверка пароля и имейла с БД");
if (user != null && user.getPassword().equals(password)) {
session.setAttribute("email", user.getEmail());
System.out.println("ЛОГИНИТСЯ!!!");
if (userService.getByEmail(email).getRole().equals(Role.USER)) {
System.out.println("SALUT USER!!");
session.setAttribute("user", user);
return "redirect:/";
} else if (userService.getByEmail(email).getRole().equals(Role.MODERATOR)) {
System.out.println("SALUT MODERATOR!!");
session.setAttribute("moderator", user);
return "redirect:/";
} else if (userService.getByEmail(email).getRole().equals(Role.ADMIN)) {
System.out.println("SALUT ADMIN!!");
session.setAttribute("admin", user);
return "redirect:/";
}
}
return "redirect:/loginProblems";
}
用户和管理员必须打开他们的仪表板(使用HEADER中的点击按钮<li><a href="/dashboards" class="smoothScroll">${email}</a></li>)。
这是我的DashboardController.class:
@Controller
public class DashboardsConroller {
@Autowired
UserService userService;
@Autowired
UserDataService userDataService;
@RequestMapping(value = "/dashboards", method = RequestMethod.GET)
public String selectDashboard(HttpServletRequest request) {
System.out.println("method selectDashboard!!");
HttpSession session = request.getSession();
User user = userService.getByEmail((String) session.getAttribute("email"));
System.out.println("СМОТРИ СЮДА = " + user);
if (userService.getByEmail(user.getEmail()).getRole().equals(Role.USER)) {
System.out.println("USER want to open dashboard!!");
session.setAttribute("user", user);
return "redirect:/userDash";
} else if (userService.getByEmail(user.getEmail()).getRole().equals(Role.MODERATOR)) {
System.out.println("Moderator want to open dashboard!!");
session.setAttribute("moderator", user);
return "redirect:/moderatorDash";
} else if (userService.getByEmail(user.getEmail()).getRole().equals(Role.ADMIN)) {
System.out.println("ADMIN want to open dashboard!!");
session.setAttribute("admin", user);
return "redirect:/adminDash";
} else {
System.out.println("LAST ELSE IS WORKING");
return "redirect:/home";
}
}
}
这是AdminDashController.class中的showAdminDashboard()方法:
@PreAuthorize("hasAuthority('ADMIN')")
@RequestMapping(value = "/adminDash", method = RequestMethod.GET)
public ModelAndView showAdminDashboard(@ModelAttribute("myUserData") UserData myUserData,
@RequestParam(required = false) String firstName,
@RequestParam(required = false) String secondName,
HttpServletRequest request) throws SQLException {
...
}
这是我在UserDashController.class中的showUserDashboard()方法:
@PreAuthorize("hasAuthority('USER')")
@RequestMapping(value = "/userDash", method = RequestMethod.GET)
public ModelAndView showUserDashboard(@ModelAttribute("myUserData") UserData myUserData,
@RequestParam(required = false) String firstName,
@RequestParam(required = false) String secondName,
HttpServletRequest request) throws SQLException, InstantiationException, IllegalAccessException {
...
return modelAndView;
}
这是我的SecurityConfig.class:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home", "/userLogin", "/dashboards", "/saveUser").permitAll()
.antMatchers("/adminDash").hasAuthority("ADMIN")
.antMatchers("/userDash").hasAuthority("USER")
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/")
.usernameParameter("email")
.passwordParameter("password")
.failureUrl("/loginProblems")
.permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/accountLogout"));
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
}
}
的pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
答案 0 :(得分:0)
为什么一旦管理员或用户登录后,他们就无法访问他们的仪表板。
之所以发生这种情况是因为用户未经过正确的身份验证,实际上对于Spring Security,用户仍然没有通过身份验证。
当您使用Spring Security时,它应该对用户进行身份验证(通过在数据库中查找用户,比较密码,分配角色等)。但是您尝试使用自己的代码对用户进行身份验证(在/userLogin中)。