我有spring MVC项目,它在添加自动生成的登录验证过滤器之前给出输出。但添加过滤器后,我没有得到输出?它给资源找不到404错误。我的代码中有什么问题。实际上我想添加此身份验证,如果网址是/ books。以下是我项目的相关文件。
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<servlet>
<servlet-name>SpringMVC</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>SpringMVC</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/securityconfig.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springFramework.web.filter.DelegationFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
securityconfig.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<sec:http auto-config="true" use-expressions="true">
<sec:intercept-url pattern="/books" access="ROLE_USER"/>
<sec:form-login/>
<sec:logout logout-url="/j_security_logout"/>
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service>
<sec:user name="test" password="123" authorities="ROLE_USER, ROLE_ADMIN"/>
<sec:user name="bob" password="mypassword" authorities="ROLE_USER"/>
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>
春季安全的依赖性:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
<!-- security also needs the following to be present -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>4.1.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.1.6.RELEASE</version>
</dependency>
书籍控制器如下:
@Controller
public class BookController {
@RequestMapping("/")
public String redirectRoot() {
return "redirect:/books";
}
@RequestMapping(value = "/books", method = RequestMethod.GET)
public String getAll(Model model) {
model.addAttribute("books", bookDao.getAll());
return "bookList";
}
}
答案 0 :(得分:0)
试试这样。您已将use-expressions配置为true,因此您不能简单地在access属性中添加所请求的角色:
<sec:http auto-config="true" use-expressions="true">
<sec:intercept-url pattern="/books" access="hasRole('ROLE_USER')"/>
<sec:form-login/>
<sec:logout logout-url="/j_security_logout"/>
</sec:http>