2016-02-17 165 views
1

我使用基本的 Spring Security 配置和內存認證(in-memory authentication),但即使已經登錄,訪問被攔截的 URL(intercept-url)時仍然會再次要求提供憑據。我的 Spring 配置如下:

(標題:Spring Security 詢問身份驗證問題)

的web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<!-- Servlet 3.0 deployment descriptor: registers a single Spring MVC DispatcherServlet
     named DailyStatusReport and routes every *.do request to it. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> 
    <display-name>WOW-PORTAL</display-name> 
    <welcome-file-list> 
    <welcome-file>home.jsp</welcome-file> 
    </welcome-file-list> 

    <!-- Front controller; by Spring convention its context is read from
         /WEB-INF/DailyStatusReport-servlet.xml. -->
    <servlet> 
    <servlet-name>DailyStatusReport</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
    <servlet-name>DailyStatusReport</servlet-name> 
    <url-pattern>*.do</url-pattern> 
    </servlet-mapping> 

    <!-- NOTE(review): this descriptor declares no <filter> at all. Spring Security only
         protects requests that pass through its springSecurityFilterChain, normally a
         DelegatingFilterProxy mapped to /*. Unless the filter is registered in code
         (for example by an AbstractSecurityWebApplicationInitializer subclass), the
         Java security configuration is never applied to requests. Confirm how the
         filter chain is registered. -->

</web-app> 

DailyStatusReport-servlet.xml中

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation=" 
     http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd 
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> 
<context:component-scan base-package="org.WOW.*" /> 
<mvc:annotation-driven/> 
<bean name="TestExecutionReport" class="MasterCraft.src.testReport.TestExecutionReport"/> 
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
     <property name="prefix" value="/" /> 
     <property name="suffix" value=".jsp" /> 
</bean> 

我的 Java 配置是:

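/**
 * Spring Security configuration for the portal: two in-memory demo accounts, a custom
 * form login served at {@code /login.do}, and URL access rules for the report and
 * schedule pages.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory users.
     *
     * <p>{@code roles("USER")} stores the authority {@code ROLE_USER}; the prefix is added
     * automatically, so access rules must test for the prefixed name.
     *
     * @param auth builder supplied by {@link WebSecurityConfigurerAdapter}
     * @throws Exception if the builder rejects the configuration
     */
    // Only @Override is needed here; also marking the overridden method @Autowired makes
    // Spring invoke it a second time as an injection method.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Demo credentials only: both accounts share a hard-coded plaintext password.
        // Outside a sample, load users from a store that keeps hashed passwords
        // (e.g. BCryptPasswordEncoder) and keep secrets out of source control.
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("USER", "FOO");
    }

    /**
     * Configures form login, logout and the per-URL access rules.
     *
     * @param http the security builder for this application
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                .loginPage("/login.do")
                .loginProcessingUrl("/login.do")
                .defaultSuccessUrl("/")
                .usernameParameter("custom_username")
                .passwordParameter("custom_password")
                .failureUrl("/login.do?error=true")
            .and()
            // NOTE(review): the header JSP shown with this configuration posts its logout
            // form to "/logout", which does not match this URL; align the two.
            .logout().logoutUrl("/logout.do").logoutSuccessUrl("/login.do?logout=true")
            .and()
            // NOTE(review): CSRF protection is switched off for the whole application, so
            // state-changing requests (login, logout, any form POST) are accepted from
            // other origins. Re-enable it once every form carries the token; the header
            // JSP already includes <sec:csrfInput/>.
            .csrf()
                .disable()
            .authorizeRequests()
                // roles("USER") grants ROLE_USER, so hasAnyAuthority("USER") could never
                // match; test for the prefixed authority instead.
                .antMatchers("/reports/*.do").hasAuthority("ROLE_USER")
                .antMatchers("/schedule/*").hasAuthority("ROLE_FOO")
                // Everything not listed above stays public. anonymous() would admit only
                // unauthenticated callers and reject a logged-in user on "/" (the
                // defaultSuccessUrl) and on every other unlisted URL.
                .anyRequest().permitAll();
    }
}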

我的控制器:

/**
 * Handles GET requests mapped to {@code reports/addCoq}.
 *
 * @return the logical view name {@code projectCOQ}
 */
@RequestMapping(method = RequestMethod.GET, value = "reports/addCoq")
    public String getAddCOQScreen() {
        final String viewName = "projectCOQ";
        return viewName;
    }


    /**
     * Handles GET requests mapped to {@code /login} and shows the login form.
     *
     * @return the logical view name {@code login}
     */
    @RequestMapping(method = RequestMethod.GET, value = "/login")
    public String getLogincreen() {
        final String viewName = "login";
        return viewName;
    }

    /**
     * Handles GET requests mapped to {@code /getCoq}.
     *
     * <p>NOTE(review): this path sits outside the {@code /reports/*.do} and
     * {@code /schedule/*} patterns of the security configuration shown alongside this
     * controller, so no role check applies to it. Confirm that is intended.
     *
     * @return the logical view name {@code COQReport}
     */
    @RequestMapping(method = RequestMethod.GET, value = "/getCoq")
    public String getAddCOQReportScreen() {
        final String viewName = "COQReport";
        return viewName;
    }

登錄後,如果我訪問任何被攔截的 URL,就會再次被帶到登錄頁面。

<%@ taglib uri="http://www.springframework.org/tags" prefix="spring"%> 
 
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %> 
 
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 
 

 

 
<style> 
 
.googleimage { 
 
    margin: -15px -16px 1px -3px; 
 
} 
 
.userIcon { 
 
float : right !important 
 
} 
 
</style> 
 
<nav class="navbar-fixed-top"> 
 
\t <div class="container"> 
 
\t \t <ul class="nav nav-pills" role="tablist"> 
 
\t \t <link rel="shortcut icon" href="images/logo/favicon.ico" type="image/x-icon" /> 
 
\t \t \t <li> <a target="_blank" href="#"class="googleimage"> 
 
\t \t \t  </a></li> 
 
\t \t \t <!-- <li> <img src="images/headerImages/cam.png"></li> 
 
\t \t \t <li><img src="images/headerImages/player.png"></li> --> 
 
\t \t \t <sec:authorize access="authenticated" var="authenticated"/> 
 
\t \t \t \t <c:choose> 
 
\t \t \t \t \t <c:when test="${authenticated}"> 
 
\t \t \t \t \t \t <li> 
 
\t \t \t \t \t \t \t <p class="navbar-text"> 
 
\t \t \t \t \t \t \t \t Welcome 
 
\t \t \t \t \t \t \t \t <sec:authentication property="name"/> 
 
\t \t \t \t \t \t \t \t <a id="logout" href="#">Logout</a> 
 
\t \t \t \t \t \t \t </p> 
 
\t \t \t \t \t \t \t <%-- Logout form. NOTE(review): it posts to "/logout", while the security configuration on this page registers logoutUrl("/logout.do"), so this POST would not reach the logout handler. The same configuration disables CSRF, so <sec:csrfInput/> presumably renders no token; confirm. No script in this excerpt submits the form when the "Logout" link is clicked. --%>
\t \t \t \t \t \t \t <form id="logout-form" action="<c:url value="/logout"/>" method="post"> 
 
\t \t \t \t \t \t \t \t <sec:csrfInput/> 
 
\t \t \t \t \t \t \t </form> 
 
\t \t \t \t \t \t </li> \t 
 
\t \t \t \t \t </c:when> 
 
\t \t \t \t \t <c:otherwise> 
 
\t \t \t \t \t <a href="<spring:url value="/login.do"/>">Sign In</a> 
 
\t \t \t \t \t \t <li class = "userIcon"><img src="images/headerImages/Account and Control.gif"></li> \t \t \t 
 
\t \t \t \t \t </c:otherwise> 
 
\t \t \t \t </c:choose> 
 
\t \t \t <li></li> 
 
\t \t </ul> 
 
\t </div> 
 
</nav>

甚至頁頭中的「Welcome 用戶名」也沒有顯示出來。

視圖 enter image description here


爲什麼?選擇一個:xml或java配置。 –


你的jsps渲染過嗎? –


您沒有在您的'web.xml'中添加安全配置類 –

回答

1

不要混合這兩種風格的配置。選擇一個並堅持這一選擇。例如,您可以使用此java config代替:

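/**
 * Java-only Spring Security configuration: two in-memory demo accounts, a custom form
 * login served at {@code /login.do}, and URL access rules for the report and schedule
 * pages.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory users.
     *
     * @param auth builder supplied by {@link WebSecurityConfigurerAdapter}
     * @throws Exception if the builder rejects the configuration
     */
    // Only @Override is needed here; also marking the overridden method @Autowired makes
    // Spring invoke it a second time as an injection method.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // roles(...) adds the "ROLE_" prefix itself and rejects names that already start
        // with it, so roles("ROLE_USER") fails when the configuration is built. Pass the
        // bare role names; the stored authorities are ROLE_USER and ROLE_FOO.
        //
        // Demo credentials only: both accounts share a hard-coded plaintext password.
        // Outside a sample, load users from a store that keeps hashed passwords
        // (e.g. BCryptPasswordEncoder) and keep secrets out of source control.
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("USER", "FOO");
    }

    /**
     * Configures form login and the per-URL access rules.
     *
     * @param http the security builder for this application
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                .loginPage("/login.do")
                .loginProcessingUrl("/login.do")
                .usernameParameter("custom_username")
                .passwordParameter("custom_password")
                .failureUrl("/login.do?error=true")
            .and()
            // NOTE(review): CSRF protection is switched off for the whole application, so
            // state-changing requests (login, logout, any form POST) are accepted from
            // other origins. Re-enable it once every form carries the token.
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("/reports/*").hasAnyAuthority("ROLE_USER")
                // NOTE(review): any ROLE_USER account can reach /schedule/* here, whereas
                // the configuration in the question limited it to FOO. Confirm which is
                // intended before copying this rule.
                .antMatchers("/schedule/*").hasAnyAuthority("ROLE_USER", "ROLE_FOO")
                // Everything not listed above stays public. anonymous() would admit only
                // unauthenticated callers and reject a logged-in user on every other URL,
                // including the page they land on after signing in.
                .anyRequest().permitAll();
    }
}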

感謝您的回覆,但問題仍然存在。如果我在成功登錄後訪問 /reports/*,仍然會再次提示登錄頁面 –


任何想法或建議 –


添加有關您的項目結構,視圖,配置等的更多詳細信息 –