即使在登录之后,每个url都会重定向到登录页面(spring security)
我正在为我的crud应用程序使用spring security。登录后,必须显示员工列表。若我需要在该页面中执行任何操作,即使在登录之后,它也会重定向到登录页面 这是我的控制器即使在登录之后,每个url都会重定向到登录页面(spring security),spring,security,Spring,Security,我正在为我的crud应用程序使用spring security。登录后,必须显示员工列表。若我需要在该页面中执行任何操作,即使在登录之后,它也会重定向到登录页面 这是我的控制器 @RequestMapping(value="/login") public String log(Model model){ model.addAttribute("user", new User()); return "login"; } @RequestMa
@RequestMapping(value="/login")
public String log(Model model){
model.addAttribute("user", new User());
return "login";
}
@RequestMapping(value="/loginUser",method=RequestMethod.POST)
public String login(@ModelAttribute("user") User user,Model model){
try{
userService.login(user);
model.addAttribute("employee", new Employee());
model.addAttribute("user", getPrincipal());
return "redirect:/employees";
}catch(Exception e){
return "redirect:/accessDenied";
}
}
@RequestMapping(value = "/employees", method = RequestMethod.GET)
public String listEmployee(Model model) {
model.addAttribute("employee", new Employee());
model.addAttribute("user", getPrincipal());
model.addAttribute("listEmployee", employeeService.listEmployee());
return "employee";
}
@RequestMapping(value= "/employee/add", method = RequestMethod.POST)
public String addEmployee(@ModelAttribute("employee") Employee emp,Model model){
this.employeeService.addEditEmployee(emp);
model.addAttribute("user", getPrincipal());
return "redirect:/";
}
@RequestMapping("/delete/{id}")
public String removeEmployee(@PathVariable("id") int id,Model model){
this.employeeService.deleteEmployee(id);
model.addAttribute("user", getPrincipal());
return "redirect:/employees";
}
@RequestMapping("/edit/{id}")
public String editEmployee(@PathVariable("id") int id, Model model){
model.addAttribute("employee", employeeService.getEmployeeById(id));
model.addAttribute("listEmployees",employeeService.listEmployee());
model.addAttribute("user", getPrincipal());
return "employee";
}
这是我的spring安全配置文件
<security:global-method-security secured-annotations="enabled"/>
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/" access="hasRole('ADMIN')"/>
<!-- <security:intercept-url pattern="/employees" access="hasRole('ADMIN')"/> -->
<security:form-login login-page="/login" login-processing-url="/login"
default-target-url="/employees"
authentication-failure-url="/login" />
</security:http>
<security:authentication-manager >
<security:authentication-provider>
<security:jdbc-user-service authorities-by-username-query=""
users-by-username-query="select userName,password from user where userName=? AND password=?"
data-source-ref="dataSource"/>
</security:authentication-provider>
</security:authentication-manager>
这里我需要的是,一旦我登录,我应该执行所有的操作。我需要会话来记住我已登录。请尝试此操作:
你为什么在控制器上处理登录帖子?!为什么不使用spring安全性登录?您正在使用spring安全性,而不是使用spring安全性。让Spring Security处理登录过程,而不是编写自己的。您的`userService.login(user)做什么?公共用户登录(user-user){user=(user)会话。getCurrentSession().createCriteria(user.class)。添加(Restrictions.eq(“用户名”),user.getUserName())。添加(Restrictions.eq(“密码”,user.getPassword()).uniqueResult();返回用户;