Fatal编程技术网
  • java/
  • Java 如何在最简单的情况下正确配置spring安全性?

Java 如何在最简单的情况下正确配置spring安全性?

java spring

Java 如何在最简单的情况下正确配置spring安全性?,java,spring,Java,Spring,我有控制器: @Controller public class SecurityController{ @RequestMapping(value="/403") public String renderAccessDeniedPage(){ return "403"; } @RequestMapping(value="/admin") public String renderAdminWelcomePage(){ re

我有控制器:

@Controller
public class SecurityController{

    @RequestMapping(value="/403")
    public String renderAccessDeniedPage(){
        return "403";
    }

    @RequestMapping(value="/admin")
    public String renderAdminWelcomePage(){
        return "admin/welcome";
    }
}
它应该在SpringSecurity重新接收请求时呈现安全视图。我有以下配置:

web.xml

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/coreContext.xml /WEB-INF/securityContext.xml</param-value>
  </context-param>

  <servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value></param-value>
    </init-param>
  </servlet>

  <servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/</url-pattern>
  </filter-mapping>
问题是,当我试图通过浏览器发送呈现页面的请求时,即使没有登录,我也只得到了请求的页面(
admin.jsp
)。我试着调试,发现没有调用我在
web.xml
中声明的
org.springframework.web.filter.DelegatingFilterProxy
方法。怎么了?

除了巴罗斯的评论之外(使用
尝试将
更改为
@AlanBarrows尝试过了,一切都一样。等等,我只是试图理解过滤器链的url映射中指定的模式的含义。我以为它可能被称为其中一种方法…最终这就是问题所在。现在我已经更改了它,它可以工作了,谢谢。

<security:http auto-config="true" use-expressions="true">
    <security:access-denied-handler error-page="/403" />
    <security:intercept-url pattern="admin/**" access="hasRole('ADMIN')" />
    <security:form-login login-page="/" username-parameter="user" password-parameter="pass" login-processing-url="/" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="xaDataSource" 
        authorities-by-username-query="select name, role from users where name = ?" 
        users-by-username-query="select name, password, enabled from users_auth where name = ?" />
    </security:authentication-provider>
</security:authentication-manager>



<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>