春季启动时多个用户和多个成功URL

时间:2017-06-23 23:54:53

标签: spring-boot spring-security

您好我有3种类型的用户使用不同的jsp页面。我是春季启动的初学者,我不知道如何使用不同的用户和不同的成功网页进行身份验证 这是我的申请结构:enter image description here 

     package bootsample;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import bootsample.service.CustomUserDetailsService;



@Configuration
@EnableWebSecurity 
@ComponentScan(basePackageClasses = CustomUserDetailsService.class)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

 @Autowired 
 private UserDetailsService userDetailsService;

 @Autowired
 public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {    
     auth.userDetailsService(userDetailsService).passwordEncoder(passwordencoder());
 } 



 @Override
 protected void configure(HttpSecurity http) throws Exception {



   http.authorizeRequests()

   .antMatchers("/supervisor/**").hasAuthority("ROLE_Supervisor")

   .antMatchers("/admin/**").hasAuthority("ROLE_ADMIN")
   .anyRequest().permitAll()
   .and()
     .formLogin().loginPage("/login")
     .defaultSuccessUrl("/supervisor/hello")
     .defaultSuccessUrl("/admin/hello")
     .usernameParameter("username").passwordParameter("password")
   .and()
     .logout().logoutSuccessUrl("/login?logout") 
    .and()
    .exceptionHandling().accessDeniedPage("/403")
   .and()
    .csrf().disable();
 }

 @Bean(name="passwordEncoder")
    public PasswordEncoder passwordencoder(){
     return new BCryptPasswordEncoder();
    }
}

我试过这个,但它不起作用

1 个答案:

答案 0 :(得分:0)

你的第二个defaultSuccessUrl正在覆盖第一个。您可能希望使用AuthenticationSuccessHandler

,而不是defaultSuccessUrl 
curl -sX POST -F 'file=@$myfile' -F 'fileName=test.tgz' http://localhost:8080/upload
来自javadoc的

  

实现可以做任何他们想做的事,但典型的行为是控制     导航到后续目的地(使用重定向或前进)。例如,     用户通过提交登录表单登录后,应用程序需要决定     之后他们应该被重定向到

相关问题
最新问题