我目前正在做一个关于 Spring MVC 的项目,我正在尝试集成 Spring Security。然而我没有这样做,而且我完全不知道我错过了什么。请查看我的代码并提出您的建议。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jpa="http://www.springframework.org/schema/data/jpa"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/data/jpa
http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/**"
access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/suser/**"
access="isAuthenticated()" />
<!-- <security:intercept-url pattern="/resources/**" access="isAuthenticated()"
/> -->
<!-- <security:form-login login-page="/home" default-target-url="/doctor"
authentication-failure-url="/authfailed" username-parameter="email" password-parameter="password"
/> <security:logout logout-success-url="/logoutsuccess" /> <security:csrf/> -->
<!-- <security:csrf disabled="true"/> -->
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="userService">
</security:authentication-provider>
</security:authentication-manager>
<security:jdbc-user-service id="userService"
data-source-ref="dataSource"
users-by-username-query="select email , password, true from user where userId=?"
authorities-by-username-query="select userId ,'ROLE_ADMIN' from user where userId=?" />
</beans>
同样我的 Controller 是:
@Controller
public class MainController {
@RequestMapping(value = "/signup", method = RequestMethod.GET)
public String getSignupPage() {
return "signup";
}
@RequestMapping(value = "/home", method = RequestMethod.GET)
public ModelAndView getLoginSignupPage() {
return new ModelAndView("module/loginsignup/loginsignup",StringConstants.PAGE_TITLE,StringConstants.WEB_APP_TITLE);
}
@RequestMapping(value = "/index", method = RequestMethod.GET)
public String getIndexPage() {
return "index";
}
@RequestMapping(value = "/admin", method = RequestMethod.GET)
public String getAdminPage() {
return "admin";
}
@RequestMapping(value = "/authfailed", method = RequestMethod.GET)
public String getAuthFailPage() {
return "autherror";
}
@RequestMapping(value = "/logoutsuccess", method = RequestMethod.GET)
public String getLogoutSuccessPage() {
return "logoutsuccess";
}
@RequestMapping(value = "/suser/test", method = RequestMethod.GET)
public String getUserPage() {
return "user";
}
}
还有我的用户实体:
@Entity
@Table(name="user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column
private long userId;
@Column
private String firstName;
@Column
private String middleName;
@Column
private String lastName;
@Column
private String email;
@Column
private String password;
@Column
private String userStatus;
@Column
private Date createdDate;
@Column
private Date updatedDate;
@Column
private int createdBy;
@Column
private int updatedBy;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "cityId")
private City city;
@ManyToMany(cascade = CascadeType.ALL)
@JoinTable(name = "user_link_document",
joinColumns = @JoinColumn(name = "userId"),
inverseJoinColumns = @JoinColumn(name = "documentId"))
private List<Document> documentList;
@OneToMany(fetch = FetchType.LAZY, mappedBy = "user")
private List<Review> reviewList;
我在 build.gradle 文件中的依赖项:
dependencies {
compile("org.springframework.boot:spring-boot-starter-data-jpa")
compile("javax.servlet:jstl:1.2")
runtime("mysql:mysql-connector-java")
compile("org.springframework.boot:spring-boot-starter-jdbc")
compile ("org.springframework.boot:spring-boot-starter-web")
compile("org.springframework.boot:spring-boot-starter-security")
providedRuntime("org.springframework.boot:spring-boot-starter-tomcat")
providedRuntime 'org.apache.tomcat.embed:tomcat-embed-jasper'
}
我对 Spring MVC 的所有配置都是正确的。除了 Spring Security 之外,我对其他任何东西都没有问题。谁能告诉我出了什么问题吗?每当我浏览应用程序时,我都没有看到 Spring Security 应提示用户的登录页面。
最佳答案
您已添加 /**
以限制为 ROLE_ADMIN
,它捕获所有 URL
。此外,您还没有将 /home
URL 添加到 permitAll
。
在下面的模式之前,您需要先添加所有无需登录即可访问的公共(public) URL。
<security:intercept-url pattern="/**"
access="hasRole('ROLE_ADMIN')" />
关于java - 为什么我的 Spring Security 不工作?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39652004/