2
我目前正在遷移到春季第4節,但有麻煩。 這些是我下面的設置。遷移到春季安全4得到訪問deinied頁
我的security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Exclude all files and folders under resources for security -->
<security:http pattern="/resources/**" security="none" />
<security:http auto-config="true" disable-url-rewriting="false">
<security:headers disabled="true"/>
<security:csrf disabled="true"/>
<security:intercept-url pattern="/login" access="permitAll"/>
<security:intercept-url pattern="/**" access="hasAnyRole('RS001', 'RS002', 'RS003')"/>
<security:form-login login-page="/login"/>
<security:logout logout-success-url="/login"/>
</security:http>
<bean id="userDetailService" class="vm.security.UserDetailServiceImpl" />
<!-- For hashing and salting the password -->
<bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<security:authentication-manager>
<security:authentication-provider ref="authProvider"></security:authentication-provider>
</security:authentication-manager>
<bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailService" />
<property name="passwordEncoder" ref="encoder" />
</bean>
<!-- To load the message properties for overwrite default spring security error message -->
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:message"/>
</bean>
</beans>
定製UserDetailSevice
package vm.security;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import vm.data.dto.VmAccount;
import vm.data.dto.VmSystemResource;
import vm.exception.VmException;
import vm.service.AuditLogService;
import vm.service.UserAccountService;
import vm.util.PropertiesConstants;
public class UserDetailServiceImpl implements UserDetailsService {
private static final Logger logger= Logger.getLogger(UserDetailServiceImpl.class);
@Autowired
private AuditLogService auditLogService;
@Autowired
private PropertiesConstants propertiesConstants;
@Autowired
private UserAccountService userAccountService;
@Override
public UserDetails loadUserByUsername(String userid) throws UsernameNotFoundException{
try{
VmAccount account = userAccountService.getVmAccountById(userid);
if(account != null){
List<VmSystemResource> systemResourceList = userAccountService.getUserSystemResources(userid);
List<GrantedAuthority> roles= new ArrayList<GrantedAuthority>();
for(VmSystemResource resource : systemResourceList)
roles.add(new SimpleGrantedAuthority(resource.getResourceId()));
UserDetails user = new User(account.getUserid(), account.getPwd(), (account.getStatus().equals(propertiesConstants.getCoreStatusActive()) ? true : false), true, true, true, roles);
logger.info(roles);
auditLogService.addAuditDetails(userid, new Date(), propertiesConstants.getAuthentication(), propertiesConstants.getLoginSucceed());
return user;
}
throw new UsernameNotFoundException(userid + " not found.");
}catch (VmException ce){
logger.error(ce.getErrorCode(),ce);
throw new UsernameNotFoundException(ce.getErrorCode() + ":userid object is null");
}
}
}
的Login.jsp
<!DOCTYPE html>
<html lang="en">
<head>
<link href="${pageContext.request.contextPath}/resources/css/bootstrap-3.3.4.min.css" rel="stylesheet">
<style type="text/css">
/* For nav header not to overlap*/
body {
padding-top:150px;
background-color: #eee;
}
</style>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-xs-6 col-xs-offset-3">
<div class="panel panel-primary">
<div class="panel-body">
<form id="creForm" class="form-horizontal" method="post" action="${pageContext.request.contextPath}/login">
<div id="errPanel" class="form-group">
<div class="col-xs-8 col-xs-offset-3">
<span style="color: red;">${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</span>
</div>
</div>
<div class="form-group">
<label class="col-xs-4 control-label" for="userid">USERID:</label>
<div class="col-xs-6">
<input name="username" type="text" class="form-control" placeholder="USERID" />
</div>
</div>
<div class="form-group">
<label class="col-xs-4 control-label" for="name">PASSWORD:</label>
<div class="col-xs-6">
<input name="password" type="password" class="form-control" placeholder="PASSWORD" />
</div>
</div>
<div class="form-group">
<div class="col-xs-6 col-xs-offset-4">
<button type="submit" class="btn btn-primary">SIGN IN</button>
</div>
</div>
</form>
</div>
<div class="panel-footer">
</div>
</div>
</div>
</div>
</div>
</body>
</html>
我的問題是,當我與老版本的Spring Security 3.2.7替換它工作正常。 但彈簧安全4總是導致我訪問被拒絕的頁面。 希望有人能幫助我。
檢查你的依賴你加入。可能是罐子與'spring security 3.2.7'不兼容。 –
你有自定義的登錄頁面嗎?如果是這樣,請確保相應地更改了URL和輸入字段...(默認值已更改)。 –
@VigNesh我使用spring mvc 4.1.6和spring security 4.0.2。另外我只是把我需要的每一個依賴。 – RiceBunny