Java 拦截url spring security无法通过自定义登录正确获取它

我试图从html登录页面验证代码中定义的用户。这是我的配置

如果我使用pattern=“/”，我无法登录jsp，并且由于403错误，控制器从未收到请求，如果我放置pattern=/inicio/，这是登录后的第一个页面，则应用程序只需保护/inicio，没有其他页面，除此之外，login.jsp没有正确的身份验证

请有人解释一下，我如何保护我的页面，让公共逻辑和资源，这样页面就可以获得正确的javascript和css文件，应用程序就可以进行身份验证

---

我想为spring安全性添加一些东西，我用dispatcherServlet配置它，而不是ContextLoaderListener，这可能是问题所在吗？我将尝试并测试它。

您可以将匿名用户访问的拦截器添加到身份验证用户的拦截器之前

在本例中，

/inicio

有一个权限，这意味着任何用户都可以访问它。（把这个拦截器放在顶部）

然后是私有访问，Spring Security将按照您放置拦截器的顺序进行评估

 <security:intercept-url pattern="/**" access="hasRole('ROLE_Usuario')" />

---

这是一个完整的工作方法，请查看它是否有助于获得您的解决方案：

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.spring.security.demoxml</groupId>
    <artifactId>xml-spring-security-demo</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>
    <properties>
        <spring.version>4.3.10.RELEASE</spring.version>
        <spring.security.version>4.2.3.RELEASE</spring.security.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

    </dependencies>


</project>

java（以下是内部资源视图解析器的配置）

index.jsp（公共访问）

文件
你好

login.jsp（登录页面）

登录
用户名：
密码：

jsp（private部分）

标题
私人网页

我必须为那些从前端接收数据但不显示任何页面的控制器添加拦截？例如，如果您有一个带有@RequestMapping（“/myUrl”）的控制器，并且您需要公共访问权限，则将其添加到具有permitAll访问权限的拦截器顶部，但如果@RequestMapping（“/myUrl”）是私有的，则模式为=“/**”access=“hasRole”将保护它。我指定并且我在尝试登录时总是得到403错误，即使我使用在身份验证提供程序中创建的用户登录尝试使用“/login”而不是“/login*”。同样的问题，我更新了一件事我使用DispatcherServlet而不是ContextLoaderListener来配置安全性所在的xml，也许这就是问题所在我会尝试更新发生的事情Hanks man你不会相信的但我发现了我的问题我的情况是我的前端用json与后端通信所以我不知道如何在spring securitygood中验证json，如果你有一个最终的解决方案，你可以分享它也将有助于其他人与类似的问题。

 <security:intercept-url pattern="/resources/**" access="permitAll()" />

 <security:intercept-url pattern="/**" access="hasRole('ROLE_Usuario')" />

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.spring.security.demoxml</groupId>
    <artifactId>xml-spring-security-demo</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>
    <properties>
        <spring.version>4.3.10.RELEASE</spring.version>
        <spring.security.version>4.2.3.RELEASE</spring.security.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

    </dependencies>


</project>

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/spring-servlet.xml</param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<context:component-scan base-package="com.mydemo.spring" ></context:component-scan>

<security:http auto-config="true">
    <security:intercept-url pattern="/index" access="permitAll()" />
    <security:intercept-url pattern="/**" access="hasRole('ROLE_Usuario')"></security:intercept-url>

    <security:form-login authentication-success-forward-url="/private"
                         default-target-url="/private"
                         username-parameter="username"
                         password-parameter="password"/>
    <security:logout logout-success-url="/login" logout-url="/logout"></security:logout>

</security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="manuel" password="1234" authorities="ROLE_Usuario" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

package com.mydemo.spring.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class MainController {

    @RequestMapping(value = "/index")
    public String main(){
        return "index";
    }

    @RequestMapping(value = "/private")
    public String getPrivate(){
        return "private";
    }
}

package com.mydemo.spring;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

@Configuration
@EnableWebMvc
public class Application extends WebMvcConfigurerAdapter
{

    @Bean
    public InternalResourceViewResolver getViewResolver(){
        InternalResourceViewResolver c = new InternalResourceViewResolver();
        c.setPrefix("/");
        c.setSuffix(".jsp");
        return c;
    }

    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer){
        configurer.enable();

    }
}

<html lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>Document</title>
</head>
<body>
<h1>hi</h1>
</body>
</html>

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Login</title>
</head>
<body>
<form action="/login" method="post">
    <div><label> User Name : <input type="text" name="username"/> </label></div>
    <div><label> Password: <input type="password" name="password"/> </label></div>
    <div><input type="submit" value="Sign In"/></div>
</form>
</body>
</html>

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>Private Page</h1>
</body>
</html>