Fatal编程技术网
  • spring-security/
  • Spring security 在spring安全性中使用http get方法访问资源,如localhost:8090/MyProject/admin/createProfile.html?j_username=admin&j_password=admin

Spring security 在spring安全性中使用http get方法访问资源,如localhost:8090/MyProject/admin/createProfile.html?j_username=admin&j_password=admin

spring-security

Spring security 在spring安全性中使用http get方法访问资源,如localhost:8090/MyProject/admin/createProfile.html?j_username=admin&j_password=admin,spring-security,Spring Security,这是我的安全配置文件,你知道如何实现吗?从过去3天开始,我一直在做这件事,但没有得到解决方案。谢谢你的帮助 <http access-denied-page="/WEB-INF/pages/accessdenied.jsp" auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint"> <logout inval

这是我的安全配置文件,你知道如何实现吗?从过去3天开始,我一直在做这件事,但没有得到解决方案。谢谢你的帮助

    <http access-denied-page="/WEB-INF/pages/accessdenied.jsp"
        auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
        <logout invalidate-session="true" logout-success-url="/logout.html" delete-cookies="JSESSIONID" />
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/admin/**" method = "GET" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/welcome.html" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="testFilter" />
    </http>

    <beans:bean id="testFilter"
        class="com.test.dev..PreUsernamePasswordAuthenticationFilter">
        <beans:property name="postOnly" value="false" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="authenticationFailureHandler" ref="failureHandler" />
        <beans:property name="authenticationSuccessHandler" ref="successHandler" />
    </beans:bean>

    <beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/welcome.html" />
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
    </beans:bean>

    <beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/loginfailed.html" />
    </beans:bean>

    <beans:bean id="loginUrlAuthenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login.html" />
    </beans:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userDetailsService">
        </authentication-provider>
    </authentication-manager>

    <security:global-method-security
        secured-annotations="enabled" jsr250-annotations="enabled"
        pre-post-annotations="enabled">
    </security:global-method-security>
您可以在web.xml文件中添加此筛选器,并将spring security.xml文件导入application-context.xml文件

springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy springSecurityFilterChain /*
我想您应该在wweb.xml中添加这个过滤器