Spring boot 如何在Spring Boot中区分公共页面和私有页面?
我正在制作一个Spring Boot应用程序,仅供学习之用。其中有一个home.jsp页面,URL模式为/home;一个first.jsp页面,URL模式为/first;同样还有一个second.jsp页面,URL模式为/second。现在,我想让/home成为所有人都可以访问的公共页面,并让/first和/second受到保护。我尝试的是:
// Authorization rules only: /home is open to everyone and every other URL requires an
// authenticated user. No login mechanism (for example formLogin() or httpBasic()) is
// configured in this method, so an anonymous request to /first or /second has no way to
// authenticate and is rejected with the 403 reported in the question.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
// Public page: no authentication required.
.antMatchers("/home").permitAll()
// Catch-all, evaluated after the matcher above: any other request needs a logged-in user.
.anyRequest().authenticated();
}
http://localhost:8080/home 工作正常,但是
http://localhost:8080/first 和http://localhost:8080/second 出现以下错误:
白标错误页(Whitelabel Error Page)
此应用程序没有为/error配置显式映射,因此您看到的是这个回退页面。
2019年9月4日星期三20:02:52
出现意外错误(type=Forbidden,status=403)。
拒绝访问(Access Denied)
在这种情况下,实际需要的是“基于角色的身份验证”
用户:
用户角色:
所以HTTP 403说明first和second页面已经受到保护……这正是你想要的,对吧?
那我该怎样才能访问这些页面呢?
@SUMITLOHAN 你需要先登录。你没有配置任何身份验证机制。
@dur 如何配置身份验证机制?
@SUMITLOHAN:见
/**
 * Web security setup: role-protected pages, a form login and JDBC-backed users.
 *
 * <p>{@code /first} and {@code /second} require the role {@code SECURE_USERS},
 * {@code /} and {@code /home} are public, and every other URL requires an
 * authenticated user. Credentials and authorities are read from the
 * {@code users} and {@code user_roles} tables through the injected
 * {@link DataSource}.
 *
 * <p>NOTE(review): {@code hasRole("SECURE_USERS")} checks for the authority
 * {@code ROLE_SECURE_USERS}, while the authorities query returns the
 * {@code role} column as stored, so the stored value must include the
 * {@code ROLE_} prefix.
 *
 * <p>NOTE(review): handlers or views for {@code /login} and {@code /403} are
 * not shown on this page; both must exist for the login form and the
 * access-denied page to render.
 */
@Configuration
@EnableAutoConfiguration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Database that holds the {@code users} and {@code user_roles} tables. */
    @Autowired
    DataSource dataSource;

    /**
     * Declares which URLs are public, which need a role, and how users log in.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Rules are matched in declaration order, so the specific paths come
        // before the anyRequest() catch-all.
        // NOTE(review): when these paths are served by Spring MVC, mvcMatchers
        // keeps the rule aligned with the URL variants MVC maps to the same
        // handler; antMatchers compares against the literal pattern only.
        http.authorizeRequests()
                .antMatchers("/first", "/second").hasRole("SECURE_USERS")
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated();

        // The login form and logout must be reachable without authentication.
        http.formLogin().loginPage("/login").permitAll();
        http.logout().permitAll();

        // Authenticated users lacking the required role are sent to /403.
        http.exceptionHandling().accessDeniedPage("/403");
    }

    /**
     * Registers JDBC authentication against the injected data source.
     *
     * @param auth the authentication builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        // Both statements bind the username with '?'; user input is never
        // concatenated into the SQL text.
        final String userLookupSql =
                "select username,password, enabled from users where username=?";
        final String authorityLookupSql =
                "select username, role from user_roles where username=?";

        auth.jdbcAuthentication()
                .dataSource(dataSource)
                // Stored passwords are compared as BCrypt hashes.
                .passwordEncoder(passwordEncoder())
                .usersByUsernameQuery(userLookupSql)
                .authoritiesByUsernameQuery(authorityLookupSql);
    }

    /**
     * Creates the encoder used to verify stored password hashes.
     *
     * <p>This method is not declared as a bean, so every call returns a new
     * encoder instance.
     *
     * @return a new BCrypt password encoder
     */
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
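/**
 * JPA entity for the {@code users} table that the JDBC login query on this
 * page reads ({@code select username,password, enabled from users ...}).
 *
 * <p>NOTE(review): that query also selects an {@code enabled} column, which
 * this entity does not map. The column has to exist in the schema by other
 * means, otherwise the query fails - confirm against the actual table.
 */
@Entity
@Table(name = "users")
public class Users {

    /** Surrogate primary key, generated by the persistence provider. */
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "users_id", nullable = false)
    private Integer users_id;

    /** Login name; unique, and the lookup key of the authentication query. */
    @Column(name = "username", nullable = false, unique = true)
    private String username;

    // Must be a persistent attribute, not @Transient: a transient field is never
    // written to or read from the password column, so the login query would find
    // no stored hash for users saved through this entity.
    // The configuration on this page verifies it with BCryptPasswordEncoder, so
    // the value stored here has to be the BCrypt hash, never the plain password.
    @Column(name = "password")
    private String password;

    /** @return the generated primary key, or {@code null} before it is assigned */
    public Integer getUsers_id() {
        return users_id;
    }

    /** @param users_id the primary key value */
    public void setUsers_id(Integer users_id) {
        this.users_id = users_id;
    }

    /** @return the login name */
    public String getUsername() {
        return username;
    }

    /** @param username the login name */
    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * Returns the stored password value.
     *
     * <p>NOTE(review): keep this value out of API responses, views and logs if
     * the entity is ever serialized or printed.
     *
     * @return the stored password value
     */
    public String getPassword() {
        return password;
    }

    /** @param password the password value to store; expected to be already BCrypt-encoded */
    public void setPassword(String password) {
        this.password = password;
    }
}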
/**
 * JPA entity for the {@code user_roles} table: one row per (username, role)
 * pair, kept unique by the table constraint.
 *
 * <p>The authorities query on this page
 * ({@code select username, role from user_roles where username=?}) reads these
 * rows at login.
 *
 * <p>NOTE(review): the page's access rules use {@code hasRole("SECURE_USERS")},
 * which checks for the authority {@code ROLE_SECURE_USERS}; the {@code role}
 * value stored here must therefore include the {@code ROLE_} prefix.
 */
@Entity
@Table(
        name = "user_roles",
        uniqueConstraints = @UniqueConstraint(columnNames = { "username", "role" }))
public class UserRoles {

    /** Surrogate primary key, generated by the persistence provider. */
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "user_roles_fl_id", nullable = false)
    private Integer user_roles_fl_id;

    /** Login name this role belongs to; matched by the authorities query. */
    @Column(name = "username", nullable = false)
    private String username;

    /** Authority granted to the user, returned as-is by the authorities query. */
    @Column(name = "role")
    private String role;

    /** @return the generated primary key, or {@code null} before it is assigned */
    public Integer getUser_roles_fl_id() {
        return this.user_roles_fl_id;
    }

    /** @param user_roles_fl_id the primary key value */
    public void setUser_roles_fl_id(Integer user_roles_fl_id) {
        this.user_roles_fl_id = user_roles_fl_id;
    }

    /** @return the login name this role belongs to */
    public String getUsername() {
        return this.username;
    }

    /** @param username the login name this role belongs to */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the authority string stored for the user */
    public String getRole() {
        return this.role;
    }

    /** @param role the authority string to store */
    public void setRole(String role) {
        this.role = role;
    }
}