我在我的 Web 应用程序中使用 Spring 框架和 Spring 安全性。 我想将用户注册表单集成到前端。我创建了 jsp 页面和 Controller ,并将该页面链接到主页。但是,当导航到该页面时,注册表中的文本框字段将被禁用。我想知道 spring-security 对此负责,如果是的话,我必须在 spring-security.xml 中进行哪些配置
谢谢。
这是我的代码
JSP页面
<jsp:include page="header-form.jsp">
<jsp:param name="title" value="Customer"/>
</jsp:include>
<body>
<div id="tableContainer-1">
<div id="tableContainer-2">
<form:form id="frmEdit" method="post" form action="" modelAttribute="customer">
<legend>Personal Information</legend>
<div class="form-group">
<label class="control-label">First Name</label>
<form:input path="firstName" class="form-control" type="text" required="true" size="40" maxlength="10"/>
</div>
<div class="form-group">
<label class="control-label">Last Name</label>
<form:input path="lastName" class="form-control" type="text" required="true" size="40" />
</div>
<c:if test="${screenMode == 'add'}">
<div class="form-group">
<label class="control-label">Country</label>
<form:select path="countryCode.id" id="countrylist" class="form-control">
<option value="">Select</option>
<form:options items="${countryList}" itemValue="id" itemLabel="countryDesc" />
</form:select>
</div>
</c:if>
<div class="form-group">
<label class="control-label">Contact No</label>
<form:input path="contactNo" class="form-control" type="text" required="true" size="40" />
</div>
<div class="form-group">
<label class="control-label">Email</label>
<form:input path="email" class="form-control" type="text" required="true" size="40" />
</div>
<div class="form-group">
<label class="control-label">NIC / PP / DL</label>
<form:input path="nicPpDl" class="form-control" type="text" required="true" size="40" />
</div>
<legend>Login Details</legend>
<div class="form-group">
<label class="control-label">User Name</label>
<form:input path="userName" class="form-control" type="text" required="true" size="20" />
</div>
<div class="form-group">
<label class="control-label">Pass Word</label>
<form:input path="password" class="form-control" type="text" required="true" size="20" />
</div>
<div class="form-group">
<label class="control-label">Confirm PassWord</label>
<form:input path="" class="form-control" type="text" required="true" size="40" />
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary">Save changes</button>
<button type="button" class="btn" onclick="onCancel()">Cancel</button>
</div>
</form:form>
</div>
</div>
</body>
spring-security.xml
请注意,/cus/customer/list 是注册表单的 URL。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<global-method-security secured-annotations="enabled" />
<!-- <http pattern="/cus/welcome/" security="none" />-->
<http pattern="/cus/" security="none" />
<http pattern="/cus/about" security="none" />
<http pattern="/cus/service" security="none" />
<http pattern="/cus/agent" security="none" />
<http pattern="/cus/contact" security="none" />
<http security="none" auto-config="true" use-expressions="true" pattern="/static/**" />
<http security="none" auto-config="true" use-expressions="true" pattern="/cus/customer/**" />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/cus/customer/list" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<form-login
login-page="/cus/" default-target-url="/index.jsp" always-use-default-target="true"
authentication-failure-url="/cus/"
/>
<!-- <logout
invalidate-session="true"
logout-success-url="/cus/"
logout-url="/cus/"/> -->
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="rajith" password="123" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder ref="passwordEncoder"/>
</authentication-provider>
</authentication-manager>
<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
<beans:bean id="customUserDetailsService" class="com.ontag.mcash.customer.web.service.impl.UserDetailsServiceImpl"/>
</beans:beans>
最佳答案
终于解决了这个问题。 问题出在 Spring 安全性上。 Spring 安全性限制对 ajax 调用的访问,因为 spring-security.xml 中未将其配置为允许访问。 您需要将您请求的每个页面和 ajax 调用的安全性设置为 none。只需将以下两行添加到 spring-security.xml 中,一切正常。
<http pattern="/cus/" security="none" />
<http pattern="/cus/about" security="none" />
<http pattern="/cus/service" security="none" />
<http pattern="/cus/agent" security="none" />
<http pattern="/cus/contact" security="none" />
<http pattern="/cus/customer/signup" security="none" />
<http pattern="/cus/customer/register" security="none" />
<http pattern="/cus/customer/login" security="none" />
<http pattern="/cus/customer/validatePassword" security="none" />
<http pattern="/cus/customer/test.json" security="none" />
<http pattern="/cus/agent/list.json" security="none" />
<http security="none" auto-config="true" use-expressions="true" pattern="/static/**" />
关于java - 如何将用户注册表单与Spring Security集成,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24050371/