2016-10-23 75 views
0

I ran into a problem with Spring Security. I created 3 roles (ROLE_ADMIN, ROLE_MOD, ROLE_USER). I keep the roles in the database together with the username and password. In the JSP I created 3 different menus, one per role. All three menus repeat the same 3 entries: "/messages", "/profile", "/logout". If I log in as MOD or USER everything works fine, but if I log in as ADMIN I cannot access "/messages" and "/profile".

Spring Security - roles not working properly

What is wrong with my configuration or my JSP?

Security configuration:

@Override 
protected void configure(HttpSecurity http) throws Exception { 
    //@formatter:off 
    http 
     .authorizeRequests() 
      .antMatchers("/" 
        ,"/tutorials" 
        ,"/search" 
        ,"/about" 
        ,"/contact" 
        ,"/register", 
        "/css/*", 
        "/js/*", 
        "/img/*") 
      .permitAll() 
      .antMatchers(
        "/messages", 
        "/profile", 
        "/logout", 
        "/newsmanager", 
        "/tutorialsmanager", 
        "/usersmanager", 
        "/sendemails" 
        ) 
       .hasRole("ADMIN") 
      .antMatchers(
        "/suggestnews", 
        "/suggesttutorial", 
        "/messages", 
        "/profile", 
        "/logout" 
        ) 
       .hasRole("MOD") 
      .antMatchers(
        "/messages", 
        "/profile", 
        "/logout" 
        ) 
       .hasRole("USER") 
      .and() 
     .formLogin() 
      .loginPage("/login") 
      .defaultSuccessUrl("/") 
      .permitAll() 
      .and() 
     .logout() 
      .permitAll(); 

    //@formatter:on   
} 

JSP snippet:

<sec:authorize access="hasRole('ROLE_ADMIN')"> 
     <button class="btn btn-default dropdown-toggle" type="button" 
      id="dropdownMenu1" data-toggle="dropdown" aria-haspopup="true" 
      aria-expanded="true"> 
      Account <span class="caret"></span> 
     </button> 
     <ul class="dropdown-menu" aria-labelledby="dropdownMenu1"> 
      <li><a href="/messages">Messages</a></li> 
      <li><a href="/profile">Profile</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="/tutorialsmanager">Tutorials manager</a></li> 
      <li><a href="/newsmanager">News manager</a></li> 
      <li><a href="/usersmanager">Users manager</a></li> 
      <li><a href="/sendemails">Send emails</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="javascript:$('#logoutForm').submit();">Log 
        out</a></li> 
     </ul> 
</sec:authorize> 

    <!-- APPEARED FOR ROLE_USER --> 
<sec:authorize access="hasRole('ROLE_USER')"> 
     <button class="btn btn-default dropdown-toggle" type="button" 
      id="dropdownMenu2" data-toggle="dropdown" aria-haspopup="true" 
      aria-expanded="true"> 
      Account <span class="caret"></span> 
     </button> 
     <ul class="dropdown-menu" aria-labelledby="dropdownMenu2"> 
      <li><a href="/messages">Messages</a></li> 
      <li><a href="/profile">Profile</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="javascript:$('#logoutForm').submit();">Log 
        out</a></li> 
     </ul> 
</sec:authorize> 

    <!-- APPEARED FOR ROLE_MOD --> 
<sec:authorize access="hasRole('ROLE_MOD')"> 
     <button class="btn btn-default dropdown-toggle" type="button" 
      id="dropdownMenu3" data-toggle="dropdown" aria-haspopup="true" 
      aria-expanded="true"> 
      Account <span class="caret"></span> 
     </button> 
     <ul class="dropdown-menu" aria-labelledby="dropdownMenu3"> 
      <li><a href="/messages">Messages</a></li> 
      <li><a href="/profile">Profile</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="/suggestnews">Suggest a news</a></li> 
      <li><a href="/suggesttutorial">Suggest a tutorial</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="javascript:$('#logoutForm').submit();">Log 
        out</a></li> 
     </ul> 
</sec:authorize> 
+0

'hasRole' trims 'ROLE_' off the front. You use 'USER' in one place and 'ROLE_USER' in the other. – chrylis

+0

I changed it, but it still doesn't work. – DEADALICE7000

+0

Could you also share the console log? –

Answer

0

Well, I managed to solve my problem. I changed the permissions for profile, messages and logout. Now all authenticated users can access

@Override 
protected void configure(HttpSecurity http) throws Exception { 

    //@formatter:off 
    http 
     .authorizeRequests() 
      .antMatchers("/" 
       ,"/tutorials" 
       ,"/search" 
       ,"/about" 
       ,"/contact" 
       ,"/register", 
       "/css/*", 
       "/js/*", 
       "/img/*") 
        .permitAll() 
      .antMatchers(
       "/suggestnews", 
       "/suggesttutorial") 
        .hasRole("MOD") 
      .antMatchers(
       "/newsmanager", 
       "/tutorialsmanager", 
       "/usersmanager", 
       "/sendemails") 
        .hasRole("ADMIN") 
      // shared pages: listed once, open to any authenticated user regardless of role
      .antMatchers(
       "/messages", 
       "/profile", 
       "/logout") 
        .authenticated() 
       .and() 
      .formLogin() 
       .loginPage("/login") 
       .defaultSuccessUrl("/") 
       .permitAll() 
       .and() 
      .logout() 
       .permitAll(); 

     //@formatter:on  
}
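The reason the answer's reordering works is that Spring Security evaluates the `antMatchers` rules of `authorizeRequests()` in declaration order and stops at the first pattern that matches the request path, so a path listed under several roles only ever gets the rule that names it first. To make that concrete, here is an added Python model of that evaluation (not Spring's code and not from the original post): `Authorizer`, `Rule`, `ant_to_regex`, `decision_table` and the constructed principals are all hypothetical names for this example, and the Ant-pattern translation is a simplification of Spring's `AntPathMatcher` that is sufficient for the paths on this page. It replays both the question's and the answer's configuration and shows who can reach each path.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional, Set

# Hypothetical, minimal model of Spring Security's authorizeRequests() chain
# (added example, not Spring's own code). Rules are kept in declaration order
# and the FIRST pattern that matches the request path decides; later rules
# naming the same path are never consulted.

def ant_to_regex(pattern: str) -> "re.Pattern[str]":
    """Simplified Ant-style matcher: '*' stays inside one path segment,
    '**' spans segments, '?' is one character. Assumed close enough to
    Spring's AntPathMatcher for the paths used on this page."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("^" + "".join(out) + "$")

Authorities = Optional[Set[str]]   # None models an anonymous request

@dataclass
class Rule:
    patterns: list
    check: Callable[[Authorities], bool]
    label: str

class Authorizer:
    """Builder mirroring the http.authorizeRequests() DSL used in the post."""
    def __init__(self) -> None:
        self.rules: list = []
        self._pending: list = []

    def ant_matchers(self, *patterns: str) -> "Authorizer":
        self._pending = list(patterns)
        return self

    def permit_all(self) -> "Authorizer":
        return self._add(lambda auth: True, "permitAll")

    def authenticated(self) -> "Authorizer":
        return self._add(lambda auth: auth is not None, "authenticated")

    def has_role(self, role: str) -> "Authorizer":
        # hasRole("ADMIN") looks for the granted authority "ROLE_ADMIN";
        # Spring Security 4+ rejects a role that already carries the prefix.
        if role.startswith("ROLE_"):
            raise ValueError("role should not start with 'ROLE_'")
        wanted = "ROLE_" + role
        return self._add(lambda auth: auth is not None and wanted in auth,
                         f"hasRole({role})")

    def _add(self, check, label) -> "Authorizer":
        self.rules.append(Rule(self._pending, check, label))
        self._pending = []
        return self

    def decide(self, path: str, auth: Authorities):
        """Return (allowed, label of the deciding rule). A path that no rule
        names falls through and is allowed, as Spring does unless a closing
        anyRequest() rule is added."""
        for rule in self.rules:
            if any(ant_to_regex(p).match(path) for p in rule.patterns):
                return rule.check(auth), rule.label
        return True, "unmatched (falls through)"

PUBLIC = ("/", "/tutorials", "/search", "/about", "/contact", "/register",
          "/css/*", "/js/*", "/img/*")

def original_config() -> Authorizer:
    """The question's ordering: the shared pages sit under ADMIN first."""
    a = Authorizer()
    a.ant_matchers(*PUBLIC).permit_all()
    a.ant_matchers("/messages", "/profile", "/logout", "/newsmanager",
                   "/tutorialsmanager", "/usersmanager", "/sendemails").has_role("ADMIN")
    a.ant_matchers("/suggestnews", "/suggesttutorial",
                   "/messages", "/profile", "/logout").has_role("MOD")
    a.ant_matchers("/messages", "/profile", "/logout").has_role("USER")
    return a

def fixed_config() -> Authorizer:
    """The answer's ordering: each path is listed exactly once."""
    a = Authorizer()
    a.ant_matchers(*PUBLIC).permit_all()
    a.ant_matchers("/suggestnews", "/suggesttutorial").has_role("MOD")
    a.ant_matchers("/newsmanager", "/tutorialsmanager",
                   "/usersmanager", "/sendemails").has_role("ADMIN")
    a.ant_matchers("/messages", "/profile", "/logout").authenticated()
    return a

# Constructed principals for the table below; a real user may hold several roles.
PRINCIPALS = {"anonymous": None, "USER": {"ROLE_USER"},
              "MOD": {"ROLE_MOD"}, "ADMIN": {"ROLE_ADMIN"}}

def decision_table(config: Authorizer, path: str) -> dict:
    """Who may reach `path` under `config`, by principal name."""
    return {name: config.decide(path, auth)[0] for name, auth in PRINCIPALS.items()}

if __name__ == "__main__":
    for name, cfg in (("original", original_config()), ("fixed", fixed_config())):
        print(name, "/messages ->", decision_table(cfg, "/messages"))
```

Two things the model makes visible that are worth checking in a real configuration: with the first-match rule, a path that appears in several `antMatchers` groups is governed only by the first group, so the answer's "list each path once" layout is the robust one; and a path that no rule names is not protected at all, so a closing `.anyRequest().authenticated()` is the usual way to make sure a forgotten URL fails closed. The `<sec:authorize>` tags in the JSP only decide which links are rendered; the server-side rules above are what actually grant or deny the request.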