1
这应该是一个简单的解决方案,但我似乎无法弄清楚。春季安全:用户和管理员登录失败
问题:每次我尝试以用户或管理员身份登录时,用户名和密码总是返回“该用户拒绝访问”(即使用户名和角色确实在数据库中)。
这里是我的文件:
的LoginController:
@Controller
public class LoginController {
@RequestMapping("login")
public ModelAndView getLoginForm(
@RequestParam(required = false) String authfailed, String logout,
String denied) {
String message = "";
if (authfailed != null) {
message = "Invalid username of password, try again !";
} else if (logout != null) {
message = "Logged Out successfully, login again to continue !";
} else if (denied != null) {
message = "Access denied for this user !";
}
return new ModelAndView("login", "message", message);
}
@RequestMapping("user")
public String geUserPage() {
return "user";
}
@RequestMapping("admin")
public String geAdminPage() {
return "admin";
}
@RequestMapping("403page")
public String ge403denied() {
return "redirect:login?denied";
}
}
安全servlet.xml中:
<http auto-config="true" use-expressions="true">
<access-denied-handler error-page="/403page" />
<intercept-url pattern="/anonymous" access="isAnonymous"/>
<intercept-url pattern="/user**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<form-login login-page='/login' username-parameter="username"
password-parameter="password" default-target-url="/user"
authentication-failure-url="/login?authfailed" />
<logout logout-success-url="/login?logout" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select username, role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
有什么建议吗? – CODI
你得到的错误是什么? –
我一直在获取:拒绝此用户的访问 – CODI