2
我在我的web應用程序中有兩個不同的用戶:客戶端和翻譯器。我爲此創建了兩個不同的HttpSecurity配置。我有兩種配置超類:通過Spring Security在一個應用程序中正確配置兩個單獨的登錄表單
@Configuration
@ComponentScan(basePackages = {"ua.translate"})
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomSuccessHandler customSuccessHandler;
@Autowired
@Qualifier("customAccessDeniedHandler")
AccessDeniedHandler accessDeniedHandler;
@Autowired
DataSource dataSource;
@Autowired
PersistentTokenRepository tokenRepository;
@Override
public void configure(WebSecurity web){
web
.ignoring()
.antMatchers(new String[]{"/resources/**"});
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth,@Qualifier("detailsService") UserDetailsService uds) throws Exception{
auth.userDetailsService(uds)
.passwordEncoder(bcryptEncoder());
}
@Bean
public PasswordEncoder bcryptEncoder(){
return new BCryptPasswordEncoder();
}
@Autowired
@Bean
public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices(@Qualifier("detailsService") UserDetailsService uds) {
PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
"remember-me", uds, tokenRepository);
return tokenBasedservice;
}
@Bean
public SavedRequestAwareAuthenticationSuccessHandler
savedRequestAwareAuthenticationSuccessHandler() {
SavedRequestAwareAuthenticationSuccessHandler auth
= new SavedRequestAwareAuthenticationSuccessHandler();
auth.setTargetUrlParameter("targetUrl");
return auth;
}
}
有針對不同的用戶兩種不同的配置:當用戶用ROLE_CLIENT退出,他將被重定向到../client/
@Configuration
@EnableWebSecurity
public class AppSecurityConfigGlobal{
@Configuration
@Order(1)
public static class AppSecurityConfigTranslator extends AppSecurityConfig{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/translator/**")
.authorizeRequests()
.antMatchers("/translator/registration*","/bulbular*").anonymous()
.antMatchers("/translator/index","/translator/login*").permitAll()
.antMatchers("/translator/**").hasRole("TRANSLATOR")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/translator/login")
.permitAll()
.successHandler(customSuccessHandler)
.failureUrl("/translator/login?error")
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/j_spring_security_check")
.and()
.logout().deleteCookies("JSESSIONID")
.logoutUrl("/translator/logout")
.logoutSuccessUrl("/translator/login?logout")
.and()
.rememberMe().tokenRepository(tokenRepository)
.tokenValiditySeconds(86400)
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler);
}
}
@Configuration
@Order(2)
public static class AppSecurityConfigClient extends AppSecurityConfig{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/client/registration*","/bulbular*").anonymous()
.antMatchers("/client/**").hasRole("CLIENT")
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/index","/translators","/orders","/client/login*").permitAll()
.and()
.formLogin()
.loginPage("/client/login")
.permitAll()
.successHandler(customSuccessHandler)
.failureUrl("/client/login?error")
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/j_spring_security_check")
.and()
.logout().deleteCookies("JSESSIONID")
.logoutUrl("/client/logout")
.logoutSuccessUrl("/client/login?logout")
.and()
.rememberMe().tokenRepository(tokenRepository)
.tokenValiditySeconds(86400)
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler);
}
}
}
我的問題是登錄並且不顯示成功註銷的消息。
但是當用戶使用ROLE_TRANSLATOR註銷時,他被重定向到../translator/login?logout並顯示消息,所以沒有問題。
我不明白這個問題的原因,請幫助我)