我的网络应用的默认网址是http://localhost:8080/Icd/
我想显示我的自定义登录页面,即/index.jsp。
但是,当我配置Spring安全性时,我收到的重定向问题太多了。下面是security.xml文件中的代码。
如果我遗失了某些内容,请告诉我。
<security:http auto-config="true" >
<security:intercept-url pattern="/" access="ROLE_ANONYMOUS" />
<security:intercept-url pattern="/*" access="ROLE_USER" />
<security:form-login login-page="/index.jsp" />
</security:http>
<security:authentication-provider>
<security:user-service>
<security:user name="david" password="david" authorities="ROLE_USER,ROLE_ADMIN" />
<security:user name="alex" password="alex" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
答案 0 :(得分:1)
当你把
<security:intercept-url pattern="/*" access="ROLE_USER" />
您说每个页面都需要访问ROLE_USER(包括登录页面本身)
这个(未经测试的)可以解决这个问题:
<security:intercept-url pattern="/index.jsp" access="permitAll"/>
<security:intercept-url pattern="/*" access="ROLE_USER" />
答案 1 :(得分:0)
尝试按以下方式指定配置:
<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >
<security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>
<security:form-login
login-page="/krams/auth/login"
authentication-failure-url="/krams/auth/login?error=true"
default-target-url="/krams/main/common"/>
<security:logout
invalidate-session="true"
logout-success-url="/krams/auth/login"
logout-url="/krams/auth/logout"/>
</security:http>
这个使用自定义登录页面。有关详细信息,您可以在http://krams915.blogspot.com/2010/12/spring-security-3-mvc-using-simple-user.html
查看完整的申请