0
我爲我的crud應用程序使用彈簧安全性。必須顯示登錄員工列表之後。如果我需要在該頁面進行任何操作,它被重定向到登錄,即使登錄後頁面。即使登錄後,每個網址都會重定向到登錄頁面(彈簧安全)
這是我的控制器
@RequestMapping(value="/login")
public String log(Model model){
model.addAttribute("user", new User());
return "login";
}
@RequestMapping(value="/loginUser",method=RequestMethod.POST)
public String login(@ModelAttribute("user") User user,Model model){
try{
userService.login(user);
model.addAttribute("employee", new Employee());
model.addAttribute("user", getPrincipal());
return "redirect:/employees";
}catch(Exception e){
return "redirect:/accessDenied";
}
}
@RequestMapping(value = "/employees", method = RequestMethod.GET)
public String listEmployee(Model model) {
model.addAttribute("employee", new Employee());
model.addAttribute("user", getPrincipal());
model.addAttribute("listEmployee", employeeService.listEmployee());
return "employee";
}
@RequestMapping(value= "/employee/add", method = RequestMethod.POST)
public String addEmployee(@ModelAttribute("employee") Employee emp,Model model){
this.employeeService.addEditEmployee(emp);
model.addAttribute("user", getPrincipal());
return "redirect:/";
}
@RequestMapping("/delete/{id}")
public String removeEmployee(@PathVariable("id") int id,Model model){
this.employeeService.deleteEmployee(id);
model.addAttribute("user", getPrincipal());
return "redirect:/employees";
}
@RequestMapping("/edit/{id}")
public String editEmployee(@PathVariable("id") int id, Model model){
model.addAttribute("employee", employeeService.getEmployeeById(id));
model.addAttribute("listEmployees",employeeService.listEmployee());
model.addAttribute("user", getPrincipal());
return "employee";
}
這是我的春天安全配置文件
<security:global-method-security secured-annotations="enabled"/>
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/" access="hasRole('ADMIN')"/>
<!-- <security:intercept-url pattern="/employees" access="hasRole('ADMIN')"/> -->
<security:form-login login-page="/login" login-processing-url="/login"
default-target-url="/employees"
authentication-failure-url="/login" />
</security:http>
<security:authentication-manager >
<security:authentication-provider>
<security:jdbc-user-service authorities-by-username-query=""
users-by-username-query="select userName,password from user where userName=? AND password=?"
data-source-ref="dataSource"/>
</security:authentication-provider>
</security:authentication-manager>
這裏我需要的是,一旦我登錄,我應該執行所有的操作。我需要會話記得,我是在登錄
您正在使用Spring Security而不是使用Spring Security。讓Spring Security處理登錄過程而不是編寫自己的。 –
你的userService.login(用戶)做了什麼? –
公共用戶登錄信息(用戶的用戶){ \t \t用戶=(用戶)session.getCurrentSession()。個createCriteria(User.class) \t \t \t \t。新增(Restrictions.eq( 「username」 的,user.getUserName() )) \t \t \t \t。新增(Restrictions.eq( 「密碼」,user.getPassword())) \t \t \t \t .uniqueResult(); \t \t返回用戶; –