Fatal编程技术网
  • spring-boot/
  • Spring boot 如何在Spring Boot中区分公共页面和私有页面?

Spring boot 如何在Spring Boot中区分公共页面和私有页面?

spring-boot spring-security

Spring boot 如何在Spring Boot中区分公共页面和私有页面?,spring-boot,spring-security,Spring Boot,Spring Security,我正在制作一款Spring Boot应用程序,仅供学习之用。 其中我有一个home.jsp页面,带有URL模式/home, 具有URL模式/first的first.jsp页面 同样,第二个.jsp页面的URL模式为/second 现在,我想使/home成为所有人都可以访问的公共页面,并希望使/first和/second安全 我尝试的是: @Override protected void configure(HttpSecurity http) throws Exception { htt

我正在制作一款Spring Boot应用程序,仅供学习之用。 其中我有一个home.jsp页面,带有URL模式/home, 具有URL模式/first的first.jsp页面 同样,第二个.jsp页面的URL模式为/second

现在,我想使/home成为所有人都可以访问的公共页面,并希望使/first和/second安全

我尝试的是:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/home").permitAll()
            .anyRequest().authenticated();
}
http://localhost:8080/home 工作正常,但是 http://localhost:8080/first 和http://localhost:8080/second 出现以下错误:

白标错误页

此应用程序没有/error的显式映射,因此您将其视为回退

2019年9月4日星期三20:02:52

出现意外错误类型=禁止,状态=403。 拒绝访问

在这种情况下,实际需要的是“基于角色的身份验证” 用户:

用户角色:

所以HTTP 403说第一页和第二页是安全的。。。这正是你想要的,对吧。那我怎么能搬到那里去呢pages@SUMITLOHAN你需要先登录。您没有配置任何身份验证机制。@dur如何配置身份验证mechanism@SUMITLOHAN:见 
@Configuration
@EnableAutoConfiguration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
DataSource dataSource;

@Override
 protected void configure(HttpSecurity http) throws 
 Exception 
 {
     http.authorizeRequests()
    .antMatchers("/first").hasRole("SECURE_USERS")
    .antMatchers("/second").hasRole("SECURE_USERS")
    .antMatchers("/","/home").permitAll().anyRequest().authenticated().and()
    .formLogin().loginPage("/login").permitAll().and().logout().permitAll();
     http.exceptionHandling().accessDeniedPage("/403");
}

@Autowired
 public void configAuthentication(AuthenticationManagerBuilder auth) throws 
 Exception 
{
     auth.jdbcAuthentication().dataSource(dataSource)
    .passwordEncoder(passwordEncoder())
    .usersByUsernameQuery("select username,password, enabled from users where username=?")
    .authoritiesByUsernameQuery("select username, role from user_roles where username=?");
}

 public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

}

@Entity
@Table(name = "users")
public class Users {

@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "users_id", nullable = false)
private Integer users_id;

@Column(name = "username", nullable = false, unique = true)
private String username;

@Column(name = "password")
@Transient
private String password;

public Integer getUsers_id() {
    return users_id;
}

public void setUsers_id(Integer users_id) {
    this.users_id = users_id;
}

public String getUsername() {
    return username;
}

public void setUsername(String username) {
    this.username = username;
}

public String getPassword() {
    return password;
}

public void setPassword(String password) {
    this.password = password;
}
}

@Entity
@Table(name = "user_roles", uniqueConstraints = 
@UniqueConstraint(columnNames = { "username", "role" }))
public class UserRoles {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "user_roles_fl_id", nullable = false)
private Integer user_roles_fl_id;

@Column(name = "username", nullable = false)
private String username;

@Column(name = "role")
private String role;

public Integer getUser_roles_fl_id() {
    return user_roles_fl_id;
}

public void setUser_roles_fl_id(Integer user_roles_fl_id) {
    this.user_roles_fl_id = user_roles_fl_id;
}

public String getUsername() {
    return username;
}

public void setUsername(String username) {
    this.username = username;
}

public String getRole() {
    return role;
}

public void setRole(String role) {
    this.role = role;
}

}