Spring Security - 如何为根页面指定匿名角色

发布于 2024-10-24 23:36:54 字数 868 浏览 3 评论 0原文

我的网络应用程序的默认 URL 是 http://localhost:8080/Icd/

我想显示我的自定义登录页面是/index.jsp。

然而，当我配置 spring security 来这样做时，我遇到了太多重定向问题。下面是 security.xml 文件中的代码。

如果我遗漏了什么，请告诉我。

<security:http auto-config="true" >

      <security:intercept-url pattern="/" access="ROLE_ANONYMOUS" />
     <security:intercept-url pattern="/*" access="ROLE_USER" />
     <security:form-login login-page="/index.jsp" />
</security:http>
<security:authentication-provider>
    <security:user-service>
        <security:user name="david" password="david" authorities="ROLE_USER,ROLE_ADMIN" />
        <security:user name="alex" password="alex" authorities="ROLE_USER" />
    </security:user-service>
</security:authentication-provider>

原文

The default URL for my web app is http://localhost:8080/Icd/

I want to display my custom login page which is /index.jsp.

However , when I configure the spring security to do so , I am getting too many redirects problem . Below the code present in the security.xml file .

Let me know if I am missing something .

<security:http auto-config="true" >

      <security:intercept-url pattern="/" access="ROLE_ANONYMOUS" />
     <security:intercept-url pattern="/*" access="ROLE_USER" />
     <security:form-login login-page="/index.jsp" />
</security:http>
<security:authentication-provider>
    <security:user-service>
        <security:user name="david" password="david" authorities="ROLE_USER,ROLE_ADMIN" />
        <security:user name="alex" password="alex" authorities="ROLE_USER" />
    </security:user-service>
</security:authentication-provider>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

尽揽少女心 2024-10-31 23:36:54

当您放置时

<security:intercept-url pattern="/*" access="ROLE_USER" />

，您会说每个页面都需要访问 ROLE_USER （包括登录页面本身）

这（未经测试）可能会起作用：

<security:intercept-url pattern="/index.jsp" access="permitAll"/>
<security:intercept-url pattern="/*" access="ROLE_USER" />

When you put

<security:intercept-url pattern="/*" access="ROLE_USER" />

you're saying that every page requires ROLE_USER to be accessed (which includes the login page itself)

This (untested) may do the trick:

<security:intercept-url pattern="/index.jsp" access="permitAll"/>
<security:intercept-url pattern="/*" access="ROLE_USER" />

回复收藏 0 原文

围归者 2024-10-31 23:36:54

尝试指定您的配置，如下所示：

 <security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >

  <security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
  <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
  <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>

  <security:form-login
    login-page="/krams/auth/login"
    authentication-failure-url="/krams/auth/login?error=true"
    default-target-url="/krams/main/common"/>

  <security:logout
    invalidate-session="true"
    logout-success-url="/krams/auth/login"
    logout-url="/krams/auth/logout"/>

 </security:http>

此配置使用自定义登录页面。有关更多信息，您可以在 http://krams915.blogspot.com/2010/12/spring-security-3-mvc-using-simple-user.html

Try specifying your configuration like the following:

 <security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >

  <security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
  <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
  <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>

  <security:form-login
    login-page="/krams/auth/login"
    authentication-failure-url="/krams/auth/login?error=true"
    default-target-url="/krams/main/common"/>

  <security:logout
    invalidate-session="true"
    logout-success-url="/krams/auth/login"
    logout-url="/krams/auth/logout"/>

 </security:http>

This one uses a custom login page. For more info, you can check the full application at http://krams915.blogspot.com/2010/12/spring-security-3-mvc-using-simple-user.html

回复收藏 0 原文

~没有更多了~