Java: Correctly configuring two separate login forms in one application with Spring Security
My web application has two different kinds of users: client and translator. I created two different HttpSecurity configurations for this. I have a superclass for both configurations:
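import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
// CustomSuccessHandler is the application's own class (found via the ua.translate component scan).

@Configuration
@ComponentScan(basePackages = {"ua.translate"})
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomSuccessHandler customSuccessHandler;

    @Autowired
    @Qualifier("customAccessDeniedHandler")
    AccessDeniedHandler accessDeniedHandler;

    @Autowired
    DataSource dataSource;

    @Autowired
    PersistentTokenRepository tokenRepository;

    // Static resources bypass the security filter chain entirely.
    @Override
    public void configure(WebSecurity web) {
        web
            .ignoring()
            .antMatchers(new String[]{"/resources/**"});
    }

    // Both user types authenticate against the same UserDetailsService with bcrypt hashes.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth, @Qualifier("detailsService") UserDetailsService uds) throws Exception {
        auth.userDetailsService(uds)
            .passwordEncoder(bcryptEncoder());
    }

    @Bean
    public PasswordEncoder bcryptEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    @Bean
    public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices(@Qualifier("detailsService") UserDetailsService uds) {
        PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
                "remember-me", uds, tokenRepository);
        return tokenBasedservice;
    }

    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler
            savedRequestAwareAuthenticationSuccessHandler() {
        SavedRequestAwareAuthenticationSuccessHandler auth
                = new SavedRequestAwareAuthenticationSuccessHandler();
        auth.setTargetUrlParameter("targetUrl");
        return auth;
    }
}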
There are two different configurations for the different users:
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
public class AppSecurityConfigGlobal {

    // Filter chain for /translator/** only; consulted first because of @Order(1).
    @Configuration
    @Order(1)
    public static class AppSecurityConfigTranslator extends AppSecurityConfig {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/translator/**")
                .authorizeRequests()
                    .antMatchers("/translator/registration*", "/bulbular*").anonymous()
                    .antMatchers("/translator/index", "/translator/login*").permitAll()
                    .antMatchers("/translator/**").hasRole("TRANSLATOR")
                    .anyRequest().authenticated()
                .and()
                .formLogin()
                    .loginPage("/translator/login")
                    .permitAll()
                    .successHandler(customSuccessHandler)
                    .failureUrl("/translator/login?error")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginProcessingUrl("/j_spring_security_check")
                .and()
                .logout().deleteCookies("JSESSIONID")
                    .logoutUrl("/translator/logout")
                    .logoutSuccessUrl("/translator/login?logout")
                .and()
                .rememberMe().tokenRepository(tokenRepository)
                    .tokenValiditySeconds(86400)
                .and()
                .csrf()
                .and()
                .exceptionHandling()
                    .accessDeniedHandler(accessDeniedHandler);
        }
    }

    // Filter chain for every other request (no antMatcher restriction); @Order(2).
    @Configuration
    @Order(2)
    public static class AppSecurityConfigClient extends AppSecurityConfig {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/client/registration*", "/bulbular*").anonymous()
                    .antMatchers("/client/**").hasRole("CLIENT")
                    .antMatchers("/admin/**").hasRole("ADMIN")
                    .antMatchers("/index", "/translators", "/orders", "/client/login*").permitAll()
                .and()
                .formLogin()
                    .loginPage("/client/login")
                    .permitAll()
                    .successHandler(customSuccessHandler)
                    .failureUrl("/client/login?error")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginProcessingUrl("/j_spring_security_check")
                .and()
                .logout().deleteCookies("JSESSIONID")
                    .logoutUrl("/client/logout")
                    .logoutSuccessUrl("/client/login?logout")
                .and()
                .rememberMe().tokenRepository(tokenRepository)
                    .tokenValiditySeconds(86400)
                .and()
                .csrf()
                .and()
                .exceptionHandling()
                    .accessDeniedHandler(accessDeniedHandler);
        }
    }
}
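My problem is that when a user with the role ROLE_CLIENT logs out, he is redirected to ../client/login and the message about the successful logout is not displayed.
But when a user with the role ROLE_TRANSLATOR logs out, he is redirected to ../translator/login?logout and the message is displayed, so there is no problem.
I don't understand the cause of this problem, please help me )

I found the cause of this problem! In the client configuration I had: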
.antMatchers("/client/registration*","/bulbular*").anonymous()
.antMatchers("/client/**").hasRole("CLIENT")
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/index","/translators","/orders","/client/login*").permitAll()
But one rule for the order of antMatchers(..) in the configuration is: the most restrictive antMatchers must be last.
I changed the order:
.antMatchers("/client/registration*","/bulbular*").anonymous()
.antMatchers("/index","/translators","/orders","/client/login*").permitAll()
.antMatchers("/client/**").hasRole("CLIENT")
.antMatchers("/admin/**").hasRole("ADMIN")
Problem solved! )
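
Spring Security checks `antMatchers` rules in declaration order and the first pattern that matches decides. The following added example (not code from the post or from Spring) replays both rule orderings from this page against the post-logout path using a simplified ant-style matcher; the class name, helper methods and sample paths are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class MatcherOrderDemo {

    // Simplified Ant-style matching (assumption: only "*" and "**" are handled):
    // "**" may span "/" separators, "*" stays inside one path segment.
    static boolean antMatch(String pattern, String path) {
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < pattern.length(); i++) {
            if (pattern.startsWith("**", i)) {
                regex.append(".*");
                i++;
            } else if (pattern.charAt(i) == '*') {
                regex.append("[^/]*");
            } else {
                regex.append(Pattern.quote(String.valueOf(pattern.charAt(i))));
            }
        }
        return Pattern.matches(regex.toString(), path);
    }

    // Rules are checked in declaration order; the first matching pattern decides.
    static String decide(String[][] rules, String path) {
        for (String[] rule : rules) {
            if (antMatch(rule[0], path)) {
                return rule[1] + " (matched " + rule[0] + ")";
            }
        }
        return "no rule matched";
    }

    public static void main(String[] args) {
        String[][] original = {
            {"/client/registration*", "anonymous"}, {"/bulbular*", "anonymous"},
            {"/client/**", "hasRole(CLIENT)"}, {"/admin/**", "hasRole(ADMIN)"},
            {"/index", "permitAll"}, {"/translators", "permitAll"},
            {"/orders", "permitAll"}, {"/client/login*", "permitAll"}};
        String[][] reordered = {
            {"/client/registration*", "anonymous"}, {"/bulbular*", "anonymous"},
            {"/index", "permitAll"}, {"/translators", "permitAll"},
            {"/orders", "permitAll"}, {"/client/login*", "permitAll"},
            {"/client/**", "hasRole(CLIENT)"}, {"/admin/**", "hasRole(ADMIN)"}};
        // Constructed sample paths; "/client/login" is the path of "/client/login?logout" (query string is not matched).
        for (String path : new String[] {"/client/login", "/client/orders", "/admin/users"}) {
            System.out.println(path + "\n  original:  " + decide(original, path)
                    + "\n  reordered: " + decide(reordered, path));
        }
    }
}
```

With the original ordering the `/client/login` request is decided by the `/client/**` role rule, so the `permitAll()` entry for `/client/login*` is never reached; after reordering it is reached first.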