How do I restrict access to all JSP pages except the login page when the user is not authenticated?

Hi, I am new to Spring MVC and am trying to design a login page using the Spring Security module. It authenticates correctly and forwards to the common page. On the other hand, if I access the URL host/testApp/krams/main/common directly, it opens without logging in. I then tried using "method=RequestMethod.POST", but got an error like "HTTP Status 405 - Request method 'GET' not supported". All my JSP pages are under WEB-INF because I do not want any page to be accessed directly without logging in. Please help me understand this concept. Please see the code below.

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String getLoginPage(@RequestParam(value="error", required=false) boolean error,
        ModelMap model) {
    logger.debug("Received request to show login page");
    if (error == true) {
        // Assign an error message
        model.put("error", "You have entered an invalid username or password!");
    } else {
        model.put("error", "");
    }
    return "loginpage";
}

@RequestMapping(value = "/common", method = RequestMethod.POST)
public String getCommonPage() {
    logger.debug("Received request to show common page");
    System.out.println("---------From getCommonPage ---------");
    // This will resolve to /WEB-INF/jsp/commonpage.jsp
    return "commonpage";
}

<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >
    <security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
    <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>
    <security:form-login
        login-page="/krams/auth/login"
        authentication-failure-url="/krams/auth/login?error=true"
        default-target-url="/krams/main/common"/>
    <security:logout
        invalidate-session="true"
        logout-success-url="/krams/auth/login"
        logout-url="/krams/auth/logout"/>
</security:http>

For authentication, see
AuthenticationInterceptor.java

package com.sivalabs.web.controllers;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.sivalabs.entities.User;

@Component
public class AuthenticationInterceptor extends HandlerInterceptorAdapter
{
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception
    {
        String uri = request.getRequestURI();
        // Only the login and logout URLs are reachable without a session user.
        if (!uri.endsWith("login.do") && !uri.endsWith("logout.do"))
        {
            User userData = (User) request.getSession().getAttribute("LOGGEDIN_USER");
            if (userData == null)
            {
                // Not logged in: redirect to the login page and stop handling.
                response.sendRedirect("login.do");
                return false;
            }
        }
        return true;
    }
}

WEB-INF/dispatcher-servlet.xml

<beans>
    <context:annotation-config/>
    <context:component-scan base-package="com.sivalabs"/>
    <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/>
    <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
        <property name="interceptors">
            <ref bean="authenticationInterceptor"/>
        </property>
    </bean>
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"
        p:prefix="/WEB-INF/jsp/" p:suffix=".jsp"/>
</beans>
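
Now, if we try to access any other URL without logging in to the application, it will automatically redirect to the login page.

For authorization, you can use UserRoleAuthorizationInterceptor.
See
Usage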

<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping">
    <property name="interceptors" ref="authorizationInterceptor"/>
</bean>
<bean id="authorizationInterceptor"
    class="org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor">
    <property name="authorizedRoles" value="administrator,operator"/>
</bean>

Hi Parth, I have implemented your code but am still getting a 404 error. spring-servlet.xml