1
任何人都可以帮助我与弹簧安全? 我有以下看法1两个文件夹:ALLUSERS 2:超级用户 所有的用户都hasRole(“ROLE_USER”)和超级用户有:haseRole(“ROLE_ADMIN”,“ROLE_USER”) 我想,当用户怎么也登录后ROLE_ADMIN被重定向到正确的文件夹,即超级用户的文件夹和那个只有ROLE_USER到所有用户的文件夹。 不知道我该怎么做。弹簧安全和使用CustumUserDetails
弹簧security.xml文件
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org /2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true" use-expressions="true">
<!-- interceptor pages -->
<intercept-url pattern="/**" access="permitAll" />
<intercept-url pattern="/index" access="permitAll" />
<intercept-url pattern="/allusers/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/superusers/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/denied" access="permitAll" />
<intercept-url pattern="/getAllUsers" access="hasRole('ROLE_ADMIN')" />
<access-denied-handler error-page="/403" />
<form-login login-page="/index" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select username,password,'true' AS isEnabled from USER where USERNAME=?"
authorities-by-username-query="
select u.username ,r.`ROLE_NAME`,u.`PASSWORD` from USER u, USER_ROLE ur,ROLE r where (u.user_id = ur.user_id)
and (r.role_id=ur.role_id) and u.username =? " />
</authentication-provider>
</authentication-manager>
这里是我的MVC-dispatcher.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:component-scan base-package="com.secure.weblayer" />
<mvc:annotation-driven />
<context:annotation-config />
<mvc:resources mapping="/resources/**" location="/resources/" />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<!-- <property name="prefix" value="/WEB-INF/views/allusers/" />-->
<!-- <property name="prefix" value="/WEB-INF/views/superusers" />-->
<property name="suffix" value=".jsp" />
</bean>
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames" value="mymessages"></property>
</bean>
<bean
class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
<bean
class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" />
</beans>
正如你可以看到我使用SQL查询我在春天的安全性。 xml登录。 我可以登录,但无法重定向到任何所需的页面。但是当我在xml文件中将属性更改为:property name =“prefix”value =“/ WEB-INF/views/allusers”
或:property name =“prefix”value =“/ WEB-INF/views/superusers “ 我可以访问这些文件夹中的所有页面,但不能同时访问。
请帮忙吗?
嗨 它没有帮助,仍然可以得到一个HTTP 404 无法获得访问在超级用户或ALLUSERS那些JSP的网页。 – user1067665
什么是超级用户jsp文件的路径? – Solubris
喜 的http://本地主机:8080/guard_weblayer /超级用户/测试 如果我理解你正确 – user1067665