我正在为我的crud应用程序使用spring security。即使在成功登录后,spring也会重定向到访问被拒绝的页面。
这是我的配置文件
@RequestMapping(value="/")
public String welcome(){
return "welcome";
}
@RequestMapping(value = "/employees", method = RequestMethod.GET)
//@PreAuthorize("isAuthenticated()")
public String listEmployee(Model model) {
model.addAttribute("employee", new Employee());
model.addAttribute("listEmployee", employeeService.listEmployee());
model.addAttribute("user", getPrincipal());
return "employee";
}
控制器类
protected void handle(HttpServletRequest request,HttpServletResponse response,
Authentication authentication) throws IOException{
String targetUrl = determineTargetUrl(authentication);
if(response.isCommitted()){
log.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
protected String determineTargetUrl(Authentication authentication){
boolean permitAll = false;
boolean isAdmin = false;
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for(GrantedAuthority grantedAuthority : authorities){
if (grantedAuthority.getAuthority().equals("permitAll")) {
permitAll = true;
} else if (grantedAuthority.getAuthority().equals("hasRole('ROLE_ADMIN')")) {
isAdmin = true;
}
}
if (permitAll){
return "/";
} else if (isAdmin) {
return "/employees";
} else {
throw new IllegalStateException();
}
AuthenticationsuccessHandler类
{{1}}
在确定目标网址方法时,它正在检查角色并重定向到目标网址。但它没有击中控制器。
答案 0 :(得分:0)
在spring security xml文件的authentication manager标记中指定admin,如下所示
<security:user name="sowmith" password="reddy" authorities="ROLE_ADMIN"/>
然后更改条件是将AuthenticationSuccessHandler类中的角色检查到
else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN"))