Spring Security 中同一资源的经过身份验证和未经身份验证的视图
我正在尝试创建一个可供经过身份验证和未经身份验证的用户访问的资源。我还设置了“记住我”身份验证。对于访问资源(页面)的用户,我希望通过记住我身份验证来尝试登录此人。如果登录不成功,我希望页面仍然显示,但行为不同。当我编写安全拦截url时,我可以选择“none”或“Role_User”。我可以让spring以尝试ROLE_USER的方式工作吗?如果它不成功,那么它应该优雅地降级为“None”?这是我的 spring 配置的外观,
<security:http auto-config='true'>
<security:intercept-url pattern="/dynamicPage" filters="none"/>
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login login-page="/index"
default-target-url="/home" always-use-default-target="true"
authentication-success-handler-ref="AuthenticationSuccessHandler"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/index?error=true"/>
<security:remember-me key="myLongSecretCookieKey" token-validity-seconds="1296000"
data-source-ref="jdbcDataSource" user-service-ref="AppUserDetailsService" />
</security:http>
“记住我”身份验证,等待失败然后返回“无”。
我希望动态页面尝试使用 不了解像 isRememberMe() 和链式表达式这样的表达式,但我仍然不知道如何解决这个问题,
<security:intercept-url pattern="/dynamicPage" filters="ROLE_USER,none"/>
因为 getAuthorities 查询没有返回 任何内容。找到其他方法来做到这一点。
I am trying to make a resource that can be accessed by both authenticated and unauthenticated users. I also have the remember-me authentication in place. For a user accessing the resource (page), I want the remember-me authentication to try and sign-in the person. If the sign-in wasn't successful, I want the page to still show up but act differently. When I write my security intercept urls, I can either choose "none or "Role_User". Can I make spring work in a way where it tries the ROLE_USER, if it doesn't succeed, then it should gracefully degrade to "None" ? Here is how my spring config looks.
<security:http auto-config='true'>
<security:intercept-url pattern="/dynamicPage" filters="none"/>
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login login-page="/index"
default-target-url="/home" always-use-default-target="true"
authentication-success-handler-ref="AuthenticationSuccessHandler"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/index?error=true"/>
<security:remember-me key="myLongSecretCookieKey" token-validity-seconds="1296000"
data-source-ref="jdbcDataSource" user-service-ref="AppUserDetailsService" />
</security:http>
I want the dynamic page to try "Role_User" with remember-me auth, wait for a failure then fall back to "none". Is there a recommended way of doing this?
I have learn't about expressions like isRememberMe() and chained expressions, but I still don't know how I can solve this problem. What I want is something like this.
<security:intercept-url pattern="/dynamicPage" filters="ROLE_USER,none"/>
Since, none isn't returned by the getAuthorities query, I need to find some other way of doing this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我会使用“匿名身份验证”,其中用户无需经过身份验证。
添加
到您的配置并
希望有所帮助(我还没有尝试过)
I would use "anonymous authentication", where a user without being authenticated.
add
to your config and
Hope that helps (I haven't tried this)