我正在处理spring安全命名空间配置。访问某些页面时出现问题,拦截网址被拒绝访问该页面。
http://www.springframework.org/schema/security/spring-security-4.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd“>
<http use-expressions="true">
<headers>
<frame-options policy="SAMEORIGIN" />
</headers>
<csrf disabled="true" />
<intercept-url pattern="/projectlist" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/projectboard/*" access="hasAnyRole('ROLE_OWNER','ROLE_MEMBER')" />
<access-denied-handler error-page="/access" />
<form-login login-page='/login' login-processing-url="/j_spring_security_check"
default-target-url="/dashboard" always-use-default-target="false"
authentication-failure-url="/login?error=true" username-parameter="username"
password-parameter="password" />
<logout logout-url="/logout" logout-success-url="/logoutSuccessful"
delete-cookies="JSESSIONID" invalidate-session="true" />
<remember-me key="myAppKey" token-validity-seconds="864000" />
</http>
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,enabled from user where username=?"
authorities-by-username-query="select * from ( (Select u.username,'ROLE_OWNER' user_role from user u inner join project_user pu on u.user_id = pu.user_id) UNION (Select u.username,'ROLE_MEMBER' user_role from user u inner join member m on u.user_id = m.user_id) UNION (Select ur.username,'ROLE_USER' user_role from user_roles ur inner join user u on u.username=ur.username)) as users where username =? group by user_role" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="10" />
</beans:bean>
` 当用户登录并访问“/ setting / ”URL时,此文件正在运行(该页面仅供所有者访问,而不是成员)。但是当新用户注册并直接访问该页面时(即使他是所有者),拦截URL也不允许他访问该页面。注销并再次登录系统后,他可以访问“/ setting / ”URL页面。我不知道,我哪里错了。
任何帮助表示赞赏。谢谢你。