1. 首頁
  2. 問答
  3. 春SecurityConfiguration

春SecurityConfiguration

2017-03-28 18 views
1

... 當運行它去到登錄頁面,而不是去 索引頁的應用程序這是我的安全配置春SecurityConfiguration

protected void configure(HttpSecurity http) throws Exception { 
    http.authorizeRequests().antMatchers("/index").permitAll() 
      .antMatchers("/login").permitAll() 
      .antMatchers("/admin/**").hasRole("ADMIN") 
      .antMatchers("/user/**").hasRole("USER") 
      .antMatchers("/dba/**").hasRole("DBA").and().formLogin().loginPage("/login") 
      .loginProcessingUrl("/login").usernameParameter("email").passwordParameter("password").and() 
      .rememberMe().rememberMeParameter("remember-me").tokenRepository(tokenRepository) 
      .tokenValiditySeconds(86400).and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied"); 

}

我有索引文件,但是當我把ADRESS我有404 ...

不要誤會什麼是錯的

UPDATE 現在我有其他問題 我已經改變了我的代碼到

@Override 
protected void configure(HttpSecurity http) throws Exception { 
    http.authorizeRequests() 
      .antMatchers("/admin*/**").hasRole("ADMIN") 
      .antMatchers("/user*/**").hasRole("USER") 
      .antMatchers("/dba*/**").hasRole("DBA").and().formLogin().loginPage("/index").permitAll() 
      .loginProcessingUrl("/login").usernameParameter("email").passwordParameter("password").and() 
      .rememberMe().rememberMeParameter("remember-me").tokenRepository(tokenRepository) 
      .tokenValiditySeconds(86400).and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied"); 
}

與索引頁開始,在我選擇登錄,我把我的credentiasl,我回到指數...選擇重新登錄我要去我的管理頁面

這是我的控制器

@Controller 
@RequestMapping("/") 
@SessionAttributes("roles") 
public class IndexController { 

    private static final Logger logger = LoggerFactory.getLogger(Atividades.class); 

    @Autowired 
    AtividadesService as; 

    @Autowired 
    UserService userService; 

    @Autowired 
    UserProfileService userProfileService; 

    @Autowired 
    MessageSource messageSource; 

    @Autowired 
    PersistentTokenBasedRememberMeServices persistentTokenBasedRememberMeServices; 

    @Autowired 
    AuthenticationTrustResolver authenticationTrustResolver; 


    @RequestMapping(value = { "/"}, method = RequestMethod.GET) 
    public String homePage(ModelMap model) { 
     //Lista as atividades da semana 
     List<Atividades> atividades = as.listAllAtividades(); 
     model.addAttribute("atividades", atividades); 
     return "index"; 
    } 

    @RequestMapping(value = { "/admin" }, method = RequestMethod.GET) 
    public String listUsers(ModelMap model) { 
     List<AppUser> users = userService.listAllUsers(); 
     model.addAttribute("users", users); 
     model.addAttribute("loggedinuser", getPrincipal()); 
     return "/admin/admin"; 
    } 

    @ModelAttribute("roles") 
    public List<UserProfile> initializeProfiles() { 
     return userProfileService.findAll(); 
    } 

    @RequestMapping(value = "/Access_Denied", method = RequestMethod.GET) 
    public String accessDeniedPage(ModelMap model) { 
     model.addAttribute("loggedinuser", getPrincipal()); 
     return "accessDenied"; 
    } 

    @RequestMapping(value = "/login", method = RequestMethod.GET) 
    public String loginPage() { 
     if (isCurrentAuthenticationAnonymous()) { 
      return "login"; 
     } else { 
      return "redirect:/admin"; 
     } 
    } 

    @RequestMapping(value="/logout", method = RequestMethod.GET) 
    public String logoutPage (HttpServletRequest request, HttpServletResponse response){ 
     Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
     if (auth != null){ 
      //new SecurityContextLogoutHandler().logout(request, response, auth); 
      persistentTokenBasedRememberMeServices.logout(request, response, auth); 
      SecurityContextHolder.getContext().setAuthentication(null); 
     } 
     return "redirect:/login?logout"; 
    } 

    private String getPrincipal(){ 
     String userName = null; 
     Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); 

     if (principal instanceof UserDetails) { 
      userName = ((UserDetails)principal).getUsername(); 
     } else { 
      userName = principal.toString(); 
     } 
     return userName; 
    } 

    private boolean isCurrentAuthenticationAnonymous() { 
     final Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); 
     return authenticationTrustResolver.isAnonymous(authentication); 
    } 

}

我已經使用了調試,當我擊中登錄鏈接調試器轉到該方法

@RequestMapping(value = "/login", method = RequestMethod.GET) 
public String loginPage() { 
    if (isCurrentAuthenticationAnonymous()) { 
     return "login"; 
    } else { 
     return "redirect:/admin"; 
    } 
}

一nd檢查isCurrentAuthenticationAnonymous(),因爲我沒有提供任何憑證,所以它是null。 這是因爲主頁是登錄...但我想有一個索引頁面的信息和鏈接(登錄)..

任何幫助嗎?

來源

2017-03-28 gmc1972

+1

地圖的索引頁/ – jmw5598

回答

0

您應該添加.loginPage(「/ login」);或.loginPage(「/ index」);

更多信息:http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/guides/form.html

來源

2017-03-28 10:02:06

+0

請提供的,其中在用戶代碼 –

+0

添加這種精確的定位,他可以像'.antMatchers(「/指數」任意行之後添加代碼).formLogin() .loginPage(「/ login」)。permitAll()' –

相關問題

 相關問題