Spring security Spring安全性-如何为根页面指定匿名角色
我的web应用程序的默认URL为 我想显示我的自定义登录页面,即/index.jsp 然而,当我配置spring安全性这样做时,我遇到了太多重定向问题。下面是security.xml文件中的代码 如果我遗漏了什么,请告诉我Spring security Spring安全性-如何为根页面指定匿名角色,spring-security,Spring Security,我的web应用程序的默认URL为 我想显示我的自定义登录页面,即/index.jsp 然而,当我配置spring安全性这样做时,我遇到了太多重定向问题。下面是security.xml文件中的代码 如果我遗漏了什么,请告诉我 <security:http auto-config="true" > <security:intercept-url pattern="/" access="ROLE_ANONYMOUS" /> <security:in
<security:http auto-config="true" >
<security:intercept-url pattern="/" access="ROLE_ANONYMOUS" />
<security:intercept-url pattern="/*" access="ROLE_USER" />
<security:form-login login-page="/index.jsp" />
</security:http>
<security:authentication-provider>
<security:user-service>
<security:user name="david" password="david" authorities="ROLE_USER,ROLE_ADMIN" />
<security:user name="alex" password="alex" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
尝试按如下方式指定配置:
<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >
<security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>
<security:form-login
login-page="/krams/auth/login"
authentication-failure-url="/krams/auth/login?error=true"
default-target-url="/krams/main/common"/>
<security:logout
invalidate-session="true"
logout-success-url="/krams/auth/login"
logout-url="/krams/auth/logout"/>
</security:http>
<security:intercept-url pattern="/*" access="ROLE_USER" />
但是index.jsp是默认页面。你不必打字。打字就够了,我知道。但这将取决于url如何通过过滤器传递。如果只是
//index.jsp“/”“/index.jsp”权限<security:intercept-url pattern="/index.jsp" access="permitAll"/>
<security:intercept-url pattern="/*" access="ROLE_USER" />