Question

我目前在Spring MVC上做一个项目，我正在尝试集成Spring Security。但是我没有这样做，我完全不知道我错过了什么。请查看我的代码并提供您的建议。

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jpa="http://www.springframework.org/schema/data/jpa"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/mvc 
    http://www.springframework.org/schema/mvc/spring-mvc.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/data/jpa
    http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/**"
            access="hasRole('ROLE_ADMIN')" />
        <security:intercept-url pattern="/suser/**"
            access="isAuthenticated()" />
        <!-- <security:intercept-url pattern="/resources/**" access="isAuthenticated()" 
            /> -->
        <!-- <security:form-login login-page="/home" default-target-url="/doctor" 
            authentication-failure-url="/authfailed" username-parameter="email" password-parameter="password" 
            /> <security:logout logout-success-url="/logoutsuccess" /> <security:csrf/> -->
        <!-- <security:csrf disabled="true"/> -->
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider
            user-service-ref="userService">

        </security:authentication-provider>
    </security:authentication-manager>

    <security:jdbc-user-service id="userService"
        data-source-ref="dataSource"
        users-by-username-query="select email , password, true from user where userId=?"
        authorities-by-username-query="select userId ,'ROLE_ADMIN' from user where userId=?" />

</beans>

同样我的控制器是：

@Controller
public class MainController {

    @RequestMapping(value = "/signup", method = RequestMethod.GET)
    public String getSignupPage() {
        return "signup";
    }

    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView getLoginSignupPage() {

        return new ModelAndView("module/loginsignup/loginsignup",StringConstants.PAGE_TITLE,StringConstants.WEB_APP_TITLE);
    }

    @RequestMapping(value = "/index", method = RequestMethod.GET)
    public String getIndexPage() {
        return "index";
    }

    @RequestMapping(value = "/admin", method = RequestMethod.GET)
    public String getAdminPage() {
        return "admin";
    }

    @RequestMapping(value = "/authfailed", method = RequestMethod.GET)
    public String getAuthFailPage() {
        return "autherror";
    }

    @RequestMapping(value = "/logoutsuccess", method = RequestMethod.GET)
    public String getLogoutSuccessPage() {
        return "logoutsuccess";
    }

    @RequestMapping(value = "/suser/test", method = RequestMethod.GET)
    public String getUserPage() {
        return "user";
    }
}

我的用户实体：

@Entity
@Table(name="user")
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column
    private long userId;

    @Column
    private String firstName;

    @Column
    private String middleName;

    @Column
    private String lastName;

    @Column
    private String email;

    @Column
    private String password;

    @Column
    private String userStatus;

    @Column
    private Date createdDate;

    @Column
    private Date updatedDate;

    @Column
    private int createdBy;

    @Column
    private int updatedBy;

    @ManyToOne(fetch = FetchType.EAGER)
    @JoinColumn(name = "cityId")
    private City city;

    @ManyToMany(cascade = CascadeType.ALL)
    @JoinTable(name = "user_link_document",
               joinColumns = @JoinColumn(name = "userId"),
               inverseJoinColumns = @JoinColumn(name = "documentId"))
    private List<Document> documentList;

    @OneToMany(fetch = FetchType.LAZY, mappedBy = "user")
    private List<Review> reviewList;

我在build.gradle文件中的依赖项：

dependencies {
    compile("org.springframework.boot:spring-boot-starter-data-jpa")
    compile("javax.servlet:jstl:1.2")
    runtime("mysql:mysql-connector-java")
    compile("org.springframework.boot:spring-boot-starter-jdbc")
    compile ("org.springframework.boot:spring-boot-starter-web")
    compile("org.springframework.boot:spring-boot-starter-security")
    providedRuntime("org.springframework.boot:spring-boot-starter-tomcat")
    providedRuntime 'org.apache.tomcat.embed:tomcat-embed-jasper'
}

我对Spring MVC的所有配置都是正确的。除了Spring Security之外，我没有其他任何问题。谁能告诉我有什么问题？每当我浏览我的应用程序时，我都没有得到Spring Security应该提示用户的登录页面。

Answer 1

您已将/**添加到 ROLE_ADMIN ，以便捕获所有URLs。您也没有将 /home 网址添加到 permitAll 。

您需要首先添加所有公共URL，无需登录即可访问以下模式。

<security:intercept-url pattern="/**"
            access="hasRole('ROLE_ADMIN')" />

Answer 2

你应该取消注释

 <security:form-login login-page="/home" default-target-url="/doctor" 
            authentication-failure-url="/authfailed" username-parameter="email" password-parameter="password"/>

为/home请求编写请求处理程序，该处理程序将重定向到登录页面。

为什么我的Spring Security无法运行？

2 个答案: