我无法使用Spring Security登录

时间:2018-08-05 14:55:10

标签: java spring hibernate spring-security

尝试使用Spring Security登录我的应用程序时遇到麻烦,无论我做什么,总是将我重定向到我用于非授权访问的JSP。

security-config.xml的配置中,我尝试了hasRole('ROLE_USER')permitAll,但它们都不起作用。

security-config.xml 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">
    <http>
        <intercept-url pattern="/user/**" access="hasAnyRole('ROLE_USER') />
        <form-login login-page="/customLogin.jsp"
            login-processing-url="/appLogin" 
            username-parameter="app_username"
            password-parameter="app_password" 
            default-target-url="/user/home" />
        <logout 
            logout-url="/appLogout"
            logout-success-url="/customLogin.jsp" />
        <access-denied-handler error-page="/user/error" />
    </http>
    <beans:bean name="bcryptEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
    <beans:bean name="myAppUserDetailsService"
        class="com.prh.tracking.services.impl.UserDetailsServiceImpl" />
    <beans:bean name="userService"
        class="com.prh.tracking.services.impl.UserServiceImpl" />
    <authentication-manager>
        <authentication-provider
            user-service-ref="myAppUserDetailsService">
            <password-encoder ref="bcryptEncoder" />
        </authentication-provider>
    </authentication-manager>
    <global-method-security
        secured-annotations="enabled" />
</beans:beans>

UserController.java 

@Controller
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    @RequestMapping(value="/home")
    public String home(ModelMap model, Authentication authentication) {

        authentication.getPrincipal();
        model.addAttribute("user", userService.getUser(authentication.getName()));

        return "user-info";
    }
    @RequestMapping(value="/error")
    public String error() {
        return "access-denied";
    }
}

UserDetailsS​​erviceImpl.java 

@Service
public class UserDetailsServiceImpl implements UserDetailsService{

    @Autowired
    private UserDAO userDAO;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserEntity user = userDAO.getUser(username);

        GrantedAuthority authority = new SimpleGrantedAuthority(user.getRole());
        UserDetails userDetails = (UserDetails)new User(user.getName(), user.getPassword(), Arrays.asList(authority));

        return userDetails;
    }

}

这就是我数据库中的内容:

enter image description here

1 个答案:

答案 0 :(得分:0)

当您设置对permitAll的访问权限时,甚至都不会要求您提供凭据,并且根本不会查询UserDetailsS​​erviceImpl。

您可能需要启用以下网络安全性表达式: <http use-expressions="true">

请参阅 https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html#el-access-web

相关问题
最新问题