【问题标题】:How to specify which <http> can take only specific <authentication-manager> in Spring Security如何在 Spring Security 中指定哪个 <http> 只能采用特定的 <authentication-manager>
【发布时间】:2017-05-26 04:57:37
【问题描述】:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">




    <!-- enable use-expressions -->
 <http pattern="/rest/admin/**"  use-expressions="false"  authentication-manager-ref="adminManager">
        <headers>
            <cache-control />
        </headers>
        <intercept-url pattern="/rest/admin/**" access="ROLE_ADMIN,ROLE_SALESMANAGER,ROLE_JOBSEEKER" />
        <form-login login-page="/rest/check/adminLogin" 
         default-target-url="/rest/admin/adminDashBoard" 
            authentication-failure-url="/rest/check/adminLogin?error" 
            username-parameter="emailId"
            password-parameter="password" 
            login-processing-url="/auth/login_check" 
            always-use-default-target="true" 
            />
         <logout invalidate-session="true" logout-success-url="/rest/check/adminLogin?logout" delete-cookies="JSESSIONID" /> 
        <csrf />
    </http>

        <!-- enable use-expressions -->
 <http pattern="/rest/sales/**"  use-expressions="false" authentication-manager-ref="adminManager">
        <headers>
            <cache-control />
        </headers>

        <intercept-url pattern="/rest/sales/**" access="ROLE_SALESMANAGER" />
        <form-login login-page="/rest/checkSales/salesLogin" 
         default-target-url="/rest/admin/adminDashBoard" 
            authentication-failure-url="/rest/check/adminLogin?error" 
            username-parameter="emailId"
            password-parameter="password" 
            login-processing-url="/auth/login_check" 
            always-use-default-target="true" 
            />
     <logout invalidate-session="true" logout-success-url="/rest/checkSales/salesLogin?logout" delete-cookies="JSESSIONID" />
        <csrf />
    </http>


<http pattern="/rest/jobseeker/**" use-expressions="false" authentication-manager-ref="jobseekerManager">
        <headers>
            <cache-control />
        </headers>

    <intercept-url pattern="/rest/jobseeker/**" access="ROLE_JOBSEEKER" /> 
        <form-login login-page="/rest/checkJobSeeker/employeelogin" 
          default-target-url="/rest/admin/adminDashBoard" 
            authentication-failure-url="/rest/check/adminLogin?error" 
            username-parameter="emailId"
            password-parameter="password" 
            login-processing-url="/auth/login_check" 
            always-use-default-target="true" 
            />
        <logout invalidate-session="true" logout-url="/rest/checkJobSeeker/employeelogin?logout"   delete-cookies="JSESSIONID" />
        <csrf />
    </http>     


  <authentication-manager id="jobseekerManager">
        <authentication-provider user-service-ref="jobSeekerService">
        <password-encoder ref="encoder" /> 
         </authentication-provider>
    </authentication-manager>

  <authentication-manager id="adminManager">
         <authentication-provider user-service-ref="userDetailsService">
        <password-encoder ref="encoder" /> 
         </authentication-provider>
    </authentication-manager> 

<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
                        <beans:constructor-arg name="strength" value="10" />
 </beans:bean>

</beans:beans>


    Here in this case it is not working and shows in the console as Request method 'POST' not supported
    Handler execution resulted in exception: Request method 'POST' not supported
    I have mutiple login pages, in those one page is like following
    My jsp code is as follows

 - login.jsp

    <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    <%@page session="true"%>
    <!DOCTYPE html>
    <html>

                                     <c:url var="post_url" value='/auth/login_check?targetUrl=${targetUrl}' />
                                    <form:form class="m-t-md" action="${post_url}"  id="login-form" modelAttribute="org_staff">
                                        <div class="form-group">
                                            <form:input type="email" name="emailId" class="form-control" placeholder="Email" path="emailId" />
                                            <form:errors style="color:indianred" path="emailId" name="emailId"/>
                                        </div>
                                        <div class="form-group">
                                            <form:input type="password" name="password" class="form-control" placeholder="Password" path="password"/>
                                            <form:errors style="color:indianred" path="password" name="password"/>
                                        </div>
                                        <button type="submit" class="btn btn-success btn-block">Login</button>
                                        <a href="adminFogotPasswordPage" class="display-block text-center m-t-md text-sm">Forgot Password?</a>

                                    </form:form>


        </body>
    </html>

    when i click on submit button i got the following error in the console as follows

    **Request method 'POST' not supported
    Handler execution resulted in exception: Request method 'POST' not supported**

    It is loading and showing login pages in modules but when i click on submit it is showing POST not supported

它正在加载并显示模块中的登录页面,但是当我单击提交时,它显示不支持 POST 它正在加载并显示模块中的登录页面,但是当我单击提交时,它显示不支持 POST

【问题讨论】:

标签: spring jsp spring-mvc spring-security


【解决方案1】:

您可以使用不同的名称命名身份验证管理器

<authentication-manager id="tokenAuthManager"  ...
<authentication-manager id="usernameAuthManager"  ...

然后在 http 元素中指定名称。

<http authentication-manager-ref="tokenAuthManager" ...
<http authentication-manager-ref="usernameAuthManager" ...

【讨论】:

  • 你能告诉我参考网站吗,它不适合我
猜你喜欢
  • 2014-06-08
  • 2021-07-12
  • 2018-08-23
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2017-11-03
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多