成功登录后,Spring MVC安全访问被拒绝
问题描述:
你好我有春天的MVC webb应用程序,并使用jdbc用户服务作为身份验证管理器。我把一切都配置后成功登录IM重定向到../首页(我应该是),它应该写我的名字,但相反,它写“访问被拒绝”成功登录后,Spring MVC安全访问被拒绝
的Spring XML文件 `
<http auto-config="true">
<intercept-url pattern="/home" access="hasRole('ROLE_USER, ROLE_ADMIN')"/>
<intercept-url pattern="/home/**" access="hasRole('ROLE_USER, ROLE_ADMIN')"/>
<intercept-url pattern="/" access="permitAll"/>
<intercept-url pattern="/login" access="permitAll"/>
<form-login
login-processing-url="/j_spring_security_check"
login-page="/login"
authentication-success-handler-ref="authenticationSucessHandler"
authentication-failure-url="/login/error"
username-parameter="userName"
password-parameter="userPassword"
always-use-default-target="true"/>
<logout
invalidate-session="true"
delete-cookies="JSESSIONID"/>
<csrf />
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
</http>
<beans:bean name="authenticationSucessHandler" class="sk.icz.log.viewer.security.AuthenticationSuccessHnadler"/>
<authentication-manager>
<authentication-provider>
<jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select username, pass, enable from PUBLIC.users where username=?"
authorities-by-username-query="select username, rol from PUBLIC.user_roles where username=?"
/>
</authentication-provider>
</authentication-manager>
<jdbc:embedded-database id="dataSource" type="HSQL">
<jdbc:script location="classpath:db/schemaCreate.sql"/>
<jdbc:script location="classpath:db/addUser.sql"/>
</jdbc:embedded-database>
<beans:bean id="jdbcTemplate" class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<beans:constructor-arg ref="dbcpDataSource"/>
</beans:bean>
<beans:bean id="dbcpDataSource" class="org.apache.commons.dbcp2.BasicDataSource"
destroy-method="close">
<beans:property name="driverClassName" value="org.hsqldb.jdbcDriver" />
<beans:property name="url" value="jdbc:hsqldb:mem:dataSource" />
<beans:property name="username" value="sa" />
<beans:property name="password" value="" />
</beans:bean>
<beans:bean depends-on="dataSource" class="org.springframework.beans.factory.config.MethodInvokingBean">
<beans:property name="targetClass" value="org.hsqldb.util.DatabaseManagerSwing"/>
<beans:property name="targetMethod" value="main"/>
<beans:property name="arguments">
<beans:list>
<beans:value>--url</beans:value>
<beans:value>jdbc:hsqldb:mem:SKUSKA</beans:value>
<beans:value>--user</beans:value>
<beans:value>sa</beans:value>
<beans:value>--password</beans:value>
<beans:value></beans:value>
</beans:list>
</beans:property>
</beans:bean>
`
schema_create.sql
create table users(
username varchar(20),
pass varchar(20),
enable int
);
create table user_roles(
username varchar(20),
rol varchar(20)
);
addUser.sql
insert into users values('admin', '123', 1);
insert into user_roles values('admin', 'ROLE_USER');
我没有创建的情况下,PFKeys关系数据库我只是想试试这个(我知道数据库建造错)
答
编辑
hasAnyRole(角色列表) - 如果用户已被授予任何指定的角色(作为逗号分隔的字符串列表),则为true。
当使用hasRole
春天期待一个角色,在你的情况下,你会想要使用hasAnyRole
并提供多个角色。最重要的是,你错过了报价。修改这两条线,看看它是否解决您的问题:
变化来自:
<intercept-url pattern="/home" access="hasRole('ROLE_USER, ROLE_ADMIN')"/>
<intercept-url pattern="/home/**" access="hasRole('ROLE_USER, ROLE_ADMIN')"/>
要:
<intercept-url pattern="/home" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>
<intercept-url pattern="/home/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>