1. 首頁
  2. 問答
  3. 即使登錄後,每個網址都會重定向到登錄頁面(彈簧安全)

即使登錄後,每個網址都會重定向到登錄頁面(彈簧安全)

2017-06-29 49 views
0

我爲我的crud應用程序使用彈簧安全性。必須顯示登錄員工列表之後。如果我需要在該頁面進行任何操作,它被重定向到登錄,即使登錄後頁面。即使登錄後,每個網址都會重定向到登錄頁面(彈簧安全)

這是我的控制器

@RequestMapping(value="/login") 
    public String log(Model model){ 
     model.addAttribute("user", new User()); 
     return "login"; 
    } 

    @RequestMapping(value="/loginUser",method=RequestMethod.POST) 
    public String login(@ModelAttribute("user") User user,Model model){ 

     try{ 
     userService.login(user); 
     model.addAttribute("employee", new Employee()); 
     model.addAttribute("user", getPrincipal()); 
     return "redirect:/employees"; 
     }catch(Exception e){ 
      return "redirect:/accessDenied"; 
     } 
    } 

    @RequestMapping(value = "/employees", method = RequestMethod.GET) 
    public String listEmployee(Model model) { 
     model.addAttribute("employee", new Employee()); 
     model.addAttribute("user", getPrincipal()); 
     model.addAttribute("listEmployee", employeeService.listEmployee()); 
     return "employee"; 
    } 

    @RequestMapping(value= "/employee/add", method = RequestMethod.POST) 
    public String addEmployee(@ModelAttribute("employee") Employee emp,Model model){ 

     this.employeeService.addEditEmployee(emp); 
     model.addAttribute("user", getPrincipal()); 
     return "redirect:/"; 

    } 

    @RequestMapping("/delete/{id}") 
    public String removeEmployee(@PathVariable("id") int id,Model model){ 

     this.employeeService.deleteEmployee(id); 
     model.addAttribute("user", getPrincipal()); 
     return "redirect:/employees"; 
    } 

    @RequestMapping("/edit/{id}") 
    public String editEmployee(@PathVariable("id") int id, Model model){ 
     model.addAttribute("employee", employeeService.getEmployeeById(id)); 
     model.addAttribute("listEmployees",employeeService.listEmployee()); 
     model.addAttribute("user", getPrincipal()); 
     return "employee"; 
    }

這是我的春天安全配置文件

<security:global-method-security secured-annotations="enabled"/> 
    <security:http auto-config="true" use-expressions="true"> 
     <security:intercept-url pattern="/" access="hasRole('ADMIN')"/> 
     <!-- <security:intercept-url pattern="/employees" access="hasRole('ADMIN')"/> --> 
     <security:form-login login-page="/login" login-processing-url="/login" 
          default-target-url="/employees" 
          authentication-failure-url="/login" /> 
    </security:http> 
    <security:authentication-manager > 
     <security:authentication-provider> 
      <security:jdbc-user-service authorities-by-username-query="" 
             users-by-username-query="select userName,password from user where userName=? AND password=?" 
             data-source-ref="dataSource"/> 
     </security:authentication-provider> 
    </security:authentication-manager>

這裏我需要的是,一旦我登錄,我應該執行所有的操作。我需要會話記得,我是在登錄

來源

2017-06-29 Sowmith Reddy N

+0

您正在使用Spring Security而不是使用Spring Security。讓Spring Security處理登錄過程而不是編寫自己的。 –

+0

你的userService.login(用戶)做了什麼? –

+0

公共用戶登錄信息(用戶的用戶){ \t \t用戶=(用戶)session.getCurrentSession()。個createCriteria(User.class) \t \t \t \t。新增(Restrictions.eq( 「username」 的,user.getUserName() )) \t \t \t \t。新增(Restrictions.eq( 「密碼」,user.getPassword())) \t \t \t \t .uniqueResult(); \t \t返回用戶; –

回答

2

請試試這個:<security:intercept-url pattern="/**" access="hasRole('ADMIN')"/>

爲什麼你正在處理您的控制器上登錄後?爲什麼你不使用spring安全登錄?

來源

2017-06-29 08:17:19

相關問題

 相關問題