0
<bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<security:http use-expressions="false" entry-point-ref="loginEntryPoint">
<security:custom-filter ref="customFormLoginFilter" position="FORM_LOGIN_FILTER"/>
<security:logout logout-url="/logout" logout-success-url="/login?logout=true"/>
<security:intercept-url pattern="/appointments/*" access="ROLE_USER"/>
<security:intercept-url pattern="/schedule/*" access="ROLE_FOO"/>
<security:intercept-url pattern="/**" access="ROLE_ANONYMOUS, ROLE_USER"/>
</security:http>
<bean id="customFormLoginFilter" class="com.fetn.security.CustomAuthenticationFilter">
<property name="filterProcessesUrl" value="/login"/>
<property name="authenticationManager" ref="authenticationManager"/>
<property name="usernameParameter" value="custom_username"/>
<property name="passwordParameter" value="custom_password"/>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login/failure?error=true"/>
</bean>
</property>
</bean>
<bean id="loginEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<constructor-arg value="/login"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>
我写belowJava配置代码但注销和.antMatchers( “/约会/ ”)。访问(“ hasRole( '用户')”)和antMatchers(“/日程表/ “)。访问(” hasRole( '管理员')“)春XML和Java配置
URL总是去/登录/失败?错误=真
会有什么相应的Java代码cofig。请帮助.....
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Autowired
private AutoUserRepository autoUserRepository;
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/appointments/*").access("hasRole('USER')").
antMatchers("/schedule/*").access("hasRole('ADMIN')").and().exceptionHandling().authenticationEntryPoint(loginEntryPoint()).and().addFilterBefore(customFormLoginFilter(), UsernamePasswordAuthenticationFilter.class);
http.logout().logoutUrl("/logout")
.logoutSuccessUrl("/login?logout=true");
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Bean
public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler(){
return new DefaultWebSecurityExpressionHandler();
}
@Bean
public LoginUrlAuthenticationEntryPoint loginEntryPoint(){
LoginUrlAuthenticationEntryPoint ent=new LoginUrlAuthenticationEntryPoint("/login");
return ent;
}
@Bean
public CustomAuthenticationFilter customFormLoginFilter() throws Exception{
CustomAuthenticationFilter filter=new CustomAuthenticationFilter();
//setting up super class property AbstractAuthenticationProcessingFilter
filter.setFilterProcessesUrl("/login");//login url
filter.setAuthenticationManager(authenticationManagerBean());
filter.setUsernameParameter("custom_username");
filter.setPasswordParameter("custom_username");
filter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler());
filter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler());
return filter;
}
@Bean
public SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler(){
SavedRequestAwareAuthenticationSuccessHandler surl=new SavedRequestAwareAuthenticationSuccessHandler();
surl.setDefaultTargetUrl("/");//url after seuuces login
return surl;
}
@Bean
SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler(){
SimpleUrlAuthenticationFailureHandler faillure=new SimpleUrlAuthenticationFailureHandler();
faillure.setDefaultFailureUrl("/login/failure?error=true");
return faillure;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}