Spring Security: roles
My database has a user role table containing roles such as "ROLE_ADMIN" and "ROLE_USER". In applicationContext-security.xml, I defined filterSecurityInterceptor as:
<s:filter-chain pattern="/rpc/adminService"
filters="
authenticationProcessingFilter,
filterSecurityInterceptor"/>
<s:filter-chain pattern="/rpc/**"
filters="
concurrentSessionFilter,
httpSessionContextIntegrationFilter,
authenticationProcessingFilter,
rememberMeProcessingFilter,
anonymousProcessingFilter,
exceptionTranslationFilter,
filterSecurityInterceptor" />
<s:filter-chain pattern="/j_spring_security*"
filters="
concurrentSessionFilter,
httpSessionContextIntegrationFilter,
logoutFilter,
authenticationProcessingFilter,
rememberMeProcessingFilter,
anonymousProcessingFilter" />
<s:filter-chain pattern="/**" filters="none" />
</s:filter-chain-map>
How do I convert the roles defined in the database into roles that the securityContext can recognize?

Do you have this in your configuration?
<authentication-manager>
<authentication-provider user-service-ref="accountRepository">
<password-encoder ref="passwordEncoder"/>
</authentication-provider>
</authentication-manager>
I use this for simple tests:
<authentication-manager alias="authenticationManager" >
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query =
"SELECT username, password, CASE Status WHEN 1 THEN 'true' ELSE 'false' END as enabled
FROM User
WHERE username = ?"
authorities-by-username-query=
"SELECT username, CASE role WHEN 1 THEN 'ROLE_USER' WHEN 2 THEN 'ROLE_ADMIN' ELSE 'ROLE_GUEST' END as authorities
FROM User
WHERE username = ?" />
</authentication-provider>
</authentication-manager>
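You don't have HttpSessionContextIntegrationFilter in the filter chain for /rpc/adminService. You didn't say what the request URL is when you see the problem, but if you access that URL, no security context will be provided for the request.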
A Spring Security filter chain should always include this filter.
I would also be careful with your
<s:filter-chain pattern="/**" filters="none" />
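because anything that does not match the preceding patterns will not have a security context.

It sounds like you haven't set up authentication correctly. Please show how you have configured the filter chain.

@LukeTaylor: I have updated the code to include the filter chain. Thx.

I tried this, but got the error "Cannot locate BeanDefinitionDecorator for element [jdbc-user-service]"???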
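A small audit of the filter-chain-map discussed in the answer above, as an added example that is not part of the original thread: it resolves which chain a URL hits (the first matching pattern wins) and flags chains that lack httpSessionContextIntegrationFilter or use filters="none". The wrapping root element with its namespace declaration, the simplified Ant-style matcher and all function names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://www.springframework.org/schema/security"   # URI behind the s: prefix
CONTEXT_FILTER = "httpSessionContextIntegrationFilter"  # bean name used on the page

# Constructed sample: the question's chains, wrapped in a root element with the
# namespace declared so that the fragment parses on its own.
SAMPLE = f"""<s:filter-chain-map xmlns:s="{NS}">
  <s:filter-chain pattern="/rpc/adminService"
      filters="authenticationProcessingFilter, filterSecurityInterceptor"/>
  <s:filter-chain pattern="/rpc/**"
      filters="concurrentSessionFilter, httpSessionContextIntegrationFilter,
        authenticationProcessingFilter, rememberMeProcessingFilter,
        anonymousProcessingFilter, exceptionTranslationFilter, filterSecurityInterceptor"/>
  <s:filter-chain pattern="/j_spring_security*"
      filters="concurrentSessionFilter, httpSessionContextIntegrationFilter, logoutFilter,
        authenticationProcessingFilter, rememberMeProcessingFilter, anonymousProcessingFilter"/>
  <s:filter-chain pattern="/**" filters="none"/>
</s:filter-chain-map>"""

def parse_chains(xml_text):
    """Return [(pattern, [filter bean names])] in declaration order."""
    root = ET.fromstring(xml_text)
    return [(el.get("pattern"),
             [n.strip() for n in el.get("filters", "").split(",") if n.strip()])
            for el in root.iter(f"{{{NS}}}filter-chain")]

def ant_to_regex(pattern):
    """Simplified Ant-style matching: '/**' spans segments, '*' stays inside one."""
    out = re.escape(pattern).replace(r"/\*\*", "(/.*)?").replace(r"\*", "[^/]*")
    return re.compile(out + r"\Z")

def chain_for(url, chains):
    """Return the first chain whose pattern matches the URL (first match wins)."""
    for pattern, names in chains:
        if ant_to_regex(pattern).match(url):
            return pattern, names
    return None, []

def audit(chains):
    """Map each pattern whose requests run without a security context to a reason."""
    findings = {}
    for pattern, names in chains:
        if names == ["none"]:
            findings[pattern] = "no filters: requests bypass Spring Security"
        elif CONTEXT_FILTER not in names:
            findings[pattern] = f"{CONTEXT_FILTER} missing: no security context"
    return findings
```

Calling `audit(parse_chains(SAMPLE))` reports the `/rpc/adminService` chain and the `/**` catch-all, the two points the answer raises.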