Question

我正在为我的crud应用程序使用spring security。登录后必须显示员工列表。如果我需要在该页面中执行任何操作，即使登录后它也会重定向到登录页面。

这是我的控制器

@RequestMapping(value="/login")
    public String log(Model model){
        model.addAttribute("user", new User());
        return "login";
    }

    @RequestMapping(value="/loginUser",method=RequestMethod.POST)
    public String login(@ModelAttribute("user") User user,Model model){

        try{
        userService.login(user);
        model.addAttribute("employee", new Employee());
        model.addAttribute("user", getPrincipal());
        return "redirect:/employees";
        }catch(Exception e){
            return "redirect:/accessDenied";
        }
    }

    @RequestMapping(value = "/employees", method = RequestMethod.GET)
    public String listEmployee(Model model) {
        model.addAttribute("employee", new Employee());
        model.addAttribute("user", getPrincipal());
        model.addAttribute("listEmployee", employeeService.listEmployee());
        return "employee";
    }

    @RequestMapping(value= "/employee/add", method = RequestMethod.POST)
    public String addEmployee(@ModelAttribute("employee") Employee emp,Model model){

        this.employeeService.addEditEmployee(emp);
        model.addAttribute("user", getPrincipal());
        return "redirect:/";

    }

    @RequestMapping("/delete/{id}")
    public String removeEmployee(@PathVariable("id") int id,Model model){

        this.employeeService.deleteEmployee(id);
        model.addAttribute("user", getPrincipal());
        return "redirect:/employees";
    }

    @RequestMapping("/edit/{id}")
    public String editEmployee(@PathVariable("id") int id, Model model){
        model.addAttribute("employee", employeeService.getEmployeeById(id));
        model.addAttribute("listEmployees",employeeService.listEmployee());
        model.addAttribute("user", getPrincipal());
        return "employee";
    }

这是我的spring安全配置文件

<security:global-method-security secured-annotations="enabled"/>
    <security:http auto-config="true" use-expressions="true">
         <security:intercept-url pattern="/" access="hasRole('ADMIN')"/> 
        <!-- <security:intercept-url pattern="/employees" access="hasRole('ADMIN')"/> -->
        <security:form-login login-page="/login" login-processing-url="/login"
                             default-target-url="/employees" 
                             authentication-failure-url="/login" />
    </security:http>
    <security:authentication-manager >
        <security:authentication-provider>
            <security:jdbc-user-service authorities-by-username-query="" 
                                        users-by-username-query="select userName,password from user where userName=? AND password=?"
                                        data-source-ref="dataSource"/>
        </security:authentication-provider>
    </security:authentication-manager>

这里我需要的是，如果我登录，我应该执行所有操作。我需要会话才能记住我已登录。

Answer 1

请试试这个：<security:intercept-url pattern="/**" access="hasRole('ADMIN')"/>

为什么要处理控制器上的登录帖子？！为什么你不使用spring security登录？

即使登录后，每个URL都会重定向到登录页面（弹簧安全）

1 个答案: