【Question title】: Not displaying corresponding pages in spring security
【Posted】: 2016-01-02 23:24:55
【Question description】:

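I am new to Spring Security. Pages are not rendered according to the roles configured with intercept-url in Spring Security. The default-target-url is rendered for every request, regardless of role.

Here is my web.xml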

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
  <display-name>bjgsecurity</display-name>

 <!-- The front controller of this Spring Web application, responsible for handling all application requests -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Map all requests to the DispatcherServlet for handling -->
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
          /WEB-INF/mvc-dispatcher-servlet.xml,  
         /WEB-INF/security-config.xml  
        </param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

   <filter>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
 </filter>  

 <filter-mapping>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <url-pattern>/*</url-pattern>  
 </filter-mapping>  

</web-app>

Here is security-config.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
 http://www.springframework.org/schema/security  
 http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true">
        <access-denied-handler error-page="/403page" />
        <intercept-url pattern="/admin**" access="ROLE_ADMIN"/>
        <intercept-url pattern="/user**" access="ROLE_USER"/>
        <form-login login-page='/login' username-parameter="username"
            password-parameter="password" default-target-url="/user"
            authentication-failure-url="/login?authfailed" />
        <logout logout-success-url="/login?logout" />
    </http>

    <!-- <authentication-manager> <authentication-provider> <user-service> <user 
        name="user" password="user@123" authorities="ROLE_ADMIN" /> </user-service> 
        </authentication-provider> </authentication-manager> -->

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select username,password, enabled from users where username=?"
                authorities-by-username-query="select username, role from user_roles where username =?  " />
        </authentication-provider>
    </authentication-manager>

</beans:beans>  

Here is my controller

package com.model.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class LoginController 
{
    @RequestMapping("login")
    public ModelAndView getLoginForm(@RequestParam(required=false) String authfailed, String logout, String denied) 
    {

        String message="";

        if(authfailed != null)
        {
            message="invalid username of password. plz try again!";
        }
        else if (logout != null) {
            message="Loged Out Successfully.. login again to continue !";
        }
         else if (denied != null) {  
               message = "Access denied for this user !";  
        }  
        return new ModelAndView("login", "message", message);
    }
    @RequestMapping("user")
    public String getUserPage() 
    {
        return "user";
    }
    @RequestMapping("admin")
    public String getAdminPage() {

        return "admin";
    }
    @RequestMapping("403page")
    public String get403denied() {

        return "redirect:login?denied";
    }

}

What is wrong with my code?

【Question discussion】:

    Tags: jsp spring-mvc spring-security


    【Solution 1】:

    Put a / (slash) in @RequestMapping

    @RequestMapping("/admin")

    instead of

    @RequestMapping("admin")

    Do this for all @RequestMapping.

    In security-config.xml

    <intercept-url pattern="/admin" access="ROLE_ADMIN"/>
    
    <intercept-url pattern="/user" access="ROLE_USER"/>
    

    instead of

    <intercept-url pattern="/admin**" access="ROLE_ADMIN"/>
    
    <intercept-url pattern="/user**" access="ROLE_USER"/>
    

    【Discussion】:
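
To check which request paths each set of intercept-url patterns on this page actually covers, the following added example (not part of the original post or answer, and not Spring Security's own code) evaluates the rules in declaration order with Spring's `AntPathMatcher`, first match wins. The `/admin/**` variant, the sample paths, and the class and method names are assumptions; Spring Security wraps this matching in its own request matcher, which the example does not model.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

// Added example (not from the original post). Requires spring-core on the classpath.
public class InterceptUrlCoverage {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // intercept-url rules are evaluated in declaration order; the first match wins.
    // Returns the access attribute of that rule, or null when no rule matches.
    static String requiredAccess(Map<String, String> rules, String path) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (MATCHER.match(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return null;
    }

    // Builds an ordered rule set with the roles used in the question.
    static Map<String, String> rules(String adminPattern, String userPattern) {
        Map<String, String> rules = new LinkedHashMap<>(); // keeps declaration order
        rules.put(adminPattern, "ROLE_ADMIN");
        rules.put(userPattern, "ROLE_USER");
        return rules;
    }

    public static void main(String[] args) {
        Map<String, Map<String, String>> ruleSets = new LinkedHashMap<>();
        ruleSets.put("question", rules("/admin**", "/user**"));
        ruleSets.put("answer", rules("/admin", "/user"));
        ruleSets.put("subtree (assumed variant)", rules("/admin/**", "/user/**"));

        // Constructed sample paths, not taken from the page.
        String[] paths = { "/admin", "/admin/", "/admin/users", "/admin.html", "/user", "/users" };

        for (Map.Entry<String, Map<String, String>> set : ruleSets.entrySet()) {
            System.out.println(set.getKey() + " " + set.getValue().keySet());
            for (String path : paths) {
                String access = requiredAccess(set.getValue(), path);
                System.out.printf("  %-14s -> %s%n", path,
                        access != null ? access : "no rule matched");
            }
        }
    }
}
```

A path reported as "no rule matched" is one on which the `<http>` block places no role requirement, so every path the controllers serve should resolve to a rule.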
