Java: intercept-url in Spring Security does not work correctly with a custom login
I am trying to authenticate a user defined in code from an HTML login page. This is my configuration:

If I use pattern="/", I cannot log in from the JSP, and because of a 403 error the controller never receives the request. If I put pattern=/inicio/, which is the first page after login, the application protects only /inicio and no other page; apart from that, login.jsp does not authenticate correctly.

Could someone please explain how I can protect my pages while leaving the logic and resources public, so that the pages get the right JavaScript and CSS files and the application can authenticate?

I want to add something about Spring Security: I configure it with the DispatcherServlet, not the ContextLoaderListener. Could that be the problem? I will try it and test it.

You can add the interceptors for anonymous user access before the interceptors for authenticated users. In this example, /inicio has a permission that means any user can access it. (Put this interceptor at the top.)

Then comes the private access; Spring Security evaluates the interceptors in the order in which you place them.
<security:intercept-url pattern="/**" access="hasRole('ROLE_Usuario')" />
Here is a complete working approach; see whether it helps you get to your solution:

pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.spring.security.demoxml</groupId>
    <artifactId>xml-spring-security-demo</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>
    <properties>
        <spring.version>4.3.10.RELEASE</spring.version>
        <spring.security.version>4.2.3.RELEASE</spring.security.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
    </dependencies>
</project>
java (the following is the configuration of the internal resource view resolver)
index.jsp (public access)
login.jsp (login page)
jsp (private section)
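Do I have to add an intercept for the controllers that receive data from the front end but do not display any page?

For example, if you have a controller with @RequestMapping("/myUrl") and you need public access, add it at the top of the interceptors with permitAll access; but if @RequestMapping("/myUrl") is private, the pattern="/**" access="hasRole" rule will protect it.

I specified it and I always get a 403 error when trying to log in, even if I log in with the user created in the authentication provider.

Try using "/login" instead of "/login*".

Same problem. I updated one thing: I use the DispatcherServlet instead of the ContextLoaderListener to configure the XML where the security lives; maybe that is the problem. I will try it and update with what happens.

Thanks man, you won't believe it, but I found my problem: in my case my front end communicates with the back end using JSON, so I don't know how to authenticate JSON in Spring Security.

Good. If you have a final solution, you can share it; it will also help others with similar problems.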
<security:intercept-url pattern="/resources/**" access="permitAll()" />
<security:intercept-url pattern="/**" access="hasRole('ROLE_Usuario')" />
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/spring-servlet.xml</param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
    <context:component-scan base-package="com.mydemo.spring" ></context:component-scan>
    <security:http auto-config="true">
        <security:intercept-url pattern="/index" access="permitAll()" />
        <security:intercept-url pattern="/**" access="hasRole('ROLE_Usuario')"></security:intercept-url>
        <security:form-login authentication-success-forward-url="/private"
                             default-target-url="/private"
                             username-parameter="username"
                             password-parameter="password"/>
        <security:logout logout-success-url="/login" logout-url="/logout"></security:logout>
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="manuel" password="1234" authorities="ROLE_Usuario" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
package com.mydemo.spring.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class MainController {

    @RequestMapping(value = "/index")
    public String main() {
        return "index";
    }

    @RequestMapping(value = "/private")
    public String getPrivate() {
        return "private";
    }
}

package com.mydemo.spring;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

@Configuration
@EnableWebMvc
public class Application extends WebMvcConfigurerAdapter {

    @Bean
    public InternalResourceViewResolver getViewResolver() {
        InternalResourceViewResolver c = new InternalResourceViewResolver();
        c.setPrefix("/");
        c.setSuffix(".jsp");
        return c;
    }

    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }
}
<html lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>Document</title>
</head>
<body>
    <h1>hi</h1>
</body>
</html>

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <form action="/login" method="post">
        <div><label> User Name : <input type="text" name="username"/> </label></div>
        <div><label> Password: <input type="password" name="password"/> </label></div>
        <div><input type="submit" value="Sign In"/></div>
    </form>
</body>
</html>

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
    <h1>Private Page</h1>
</body>
</html>
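The ordering rule from the answer applied to a custom login page, as an added example that is not part of the original answer or its project. The /login and /resources/** URLs, a controller that serves the login.jsp view at GET /login, and the failure URL are assumptions; the CSRF note goes beyond what the thread discusses but bears on the 403 seen when posting a custom form.

```xml
<!-- Added example: a replacement for the <security:http> element in
     spring-servlet.xml. Assumed: /login is served by a controller that
     returns the "login" view, and static files live under /resources/. -->
<security:http auto-config="true">
    <!-- Rules are evaluated top to bottom and the first matching pattern
         wins, so every public rule must come before the catch-all. A /**
         rule placed first would shadow everything below it. -->
    <security:intercept-url pattern="/login" access="permitAll()" />
    <security:intercept-url pattern="/resources/**" access="permitAll()" />
    <security:intercept-url pattern="/index" access="permitAll()" />

    <!-- Catch-all last: anything not matched above requires the role. -->
    <security:intercept-url pattern="/**" access="hasRole('ROLE_Usuario')" />

    <!-- login-page wires in the custom form. Without it Spring Security
         serves its own generated login page and login.jsp is never used. -->
    <security:form-login login-page="/login"
                         login-processing-url="/login"
                         default-target-url="/private"
                         authentication-failure-url="/login?error"
                         username-parameter="username"
                         password-parameter="password" />
    <security:logout logout-url="/logout" logout-success-url="/login" />

    <!-- CSRF protection is enabled by default in Spring Security 4 XML
         configuration. A POST to /login that lacks the token is rejected
         with 403 before authentication runs, so the custom form needs this
         hidden field inside its <form> element:
         <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> -->
</security:http>
```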