春XML和Java配置

<bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> 

<security:http use-expressions="false" entry-point-ref="loginEntryPoint"> 
    <security:custom-filter ref="customFormLoginFilter" position="FORM_LOGIN_FILTER"/>  
    <security:logout logout-url="/logout" logout-success-url="/login?logout=true"/> 

    <security:intercept-url pattern="/appointments/*" access="ROLE_USER"/> 
    <security:intercept-url pattern="/schedule/*" access="ROLE_FOO"/> 
    <security:intercept-url pattern="/**" access="ROLE_ANONYMOUS, ROLE_USER"/> 
</security:http> 

<bean id="customFormLoginFilter" class="com.fetn.security.CustomAuthenticationFilter"> 
    <property name="filterProcessesUrl" value="/login"/> 
    <property name="authenticationManager" ref="authenticationManager"/> 
    <property name="usernameParameter" value="custom_username"/> 
    <property name="passwordParameter" value="custom_password"/> 
    <property name="authenticationSuccessHandler"> 
     <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
      <property name="defaultTargetUrl" value="/"/> 
     </bean> 
    </property> 
    <property name="authenticationFailureHandler"> 
     <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
      <property name="defaultFailureUrl" value="/login/failure?error=true"/> 
     </bean> 
    </property> 
</bean> 

<bean id="loginEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
    <constructor-arg value="/login"/> 
</bean> 

<security:authentication-manager alias="authenticationManager"> 
    <security:authentication-provider ref="customAuthenticationProvider"/> 
</security:authentication-manager>

我写belowJava配置代码但注销和.antMatchers（ “/约会/ ”）。访问（“ hasRole（ '用户'）”）和antMatchers（“/日程表/ “）。访问（” hasRole（ '管理员'）“）春XML和Java配置

URL总是去/登录/失败？错误=真

会有什么相应的Java代码cofig。请帮助.....

@Configuration 
@EnableWebSecurity 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{ 
@Autowired 
private AutoUserRepository autoUserRepository; 

@Autowired 
private CustomAuthenticationProvider customAuthenticationProvider; 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 


     auth.authenticationProvider(customAuthenticationProvider); 

    } 



@Override 
protected void configure(HttpSecurity http) throws Exception { 





    http.authorizeRequests() 

     .antMatchers("/appointments/*").access("hasRole('USER')"). 

     antMatchers("/schedule/*").access("hasRole('ADMIN')").and().exceptionHandling().authenticationEntryPoint(loginEntryPoint()).and().addFilterBefore(customFormLoginFilter(), UsernamePasswordAuthenticationFilter.class); 

     http.logout().logoutUrl("/logout") 
     .logoutSuccessUrl("/login?logout=true"); 





} 


@Override 
public void configure(WebSecurity web) throws Exception { 
    web.ignoring().antMatchers("/resources/**"); 
} 



@Bean 
public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler(){ 

    return new DefaultWebSecurityExpressionHandler(); 
} 



    @Bean 
    public LoginUrlAuthenticationEntryPoint loginEntryPoint(){ 

     LoginUrlAuthenticationEntryPoint ent=new LoginUrlAuthenticationEntryPoint("/login"); 

     return ent; 


    } 


    @Bean 
    public CustomAuthenticationFilter customFormLoginFilter() throws Exception{ 

     CustomAuthenticationFilter filter=new CustomAuthenticationFilter(); 

     //setting up super class property AbstractAuthenticationProcessingFilter 
     filter.setFilterProcessesUrl("/login");//login url 
     filter.setAuthenticationManager(authenticationManagerBean()); 
     filter.setUsernameParameter("custom_username"); 
     filter.setPasswordParameter("custom_username"); 
     filter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler()); 
     filter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler()); 


     return filter; 

    } 



    @Bean 
    public SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler(){ 

     SavedRequestAwareAuthenticationSuccessHandler surl=new SavedRequestAwareAuthenticationSuccessHandler(); 
     surl.setDefaultTargetUrl("/");//url after seuuces login 

     return surl; 
    } 

    @Bean 
    SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler(){ 
     SimpleUrlAuthenticationFailureHandler faillure=new SimpleUrlAuthenticationFailureHandler(); 
     faillure.setDefaultFailureUrl("/login/failure?error=true"); 


     return faillure; 

    } 


    @Bean 
     @Override 
     public AuthenticationManager authenticationManagerBean() throws Exception { 
      return super.authenticationManagerBean(); 
     }

}

来源

2017-02-03 Touhidur Rahaman Khan

难道你必须在各种antMatchers之间添加.and（）吗？此外，您正在使用两个http。*电话，我认为它可以完成一个。请参阅this page以下的代码。

protected void configure(HttpSecurity http) throws Exception { 
    http 
     .authorizeRequests() 
      .antMatchers("/", "/home").permitAll() 
      .anyRequest().authenticated() 
      .and() 
     .formLogin() 
      .loginPage("/login") 
      .permitAll() 
      .and() 
     .logout() 
      .permitAll(); 
}

来源

2017-02-03 18:00:43

春XML和Java配置

回答

相关问题