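I wrote a Spring Boot web application that uses Spring Security. I have two links that are used by two different people. So I created three Active Directory groups, for the users and for the admin respectively. My problem is that people in one of the groups can access the application, but the other two groups cannot. It says they are not authorized to view the page.

Spring Security login with Active Directory does not work properly

My login configuration is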
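
    import java.util.Arrays;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.ProviderManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    @Configuration
    @EnableWebMvcSecurity
    @ComponentScan("com.books.controller")
    public class LoginConfiguration extends WebSecurityConfigurerAdapter
    {
        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            http
                // URL rules: each path is paired with the authority it requires
                .authorizeRequests()
                    .antMatchers("/")
                    .hasAuthority("BookAdmin")
                .and()
                .authorizeRequests()
                    .antMatchers("/rentBook")
                    .hasAuthority("RentalBook")
                .and()
                .authorizeRequests()
                    .antMatchers("/buybook")
                    .hasAuthority("BuyBook")
                .and()
                .authorizeRequests()
                    .antMatchers("/rentBook")
                    .hasAuthority("BookAdmin")
                .and()
                .authorizeRequests()
                    .antMatchers("/buyBook")
                    .hasAuthority("BookAdmin")
                // form login posts to /login; logout is open to everyone
                .and().authorizeRequests().and().formLogin().loginProcessingUrl("/login")
                .and().logout().permitAll()
                // CSRF protection is switched off
                .and().csrf().disable()
                ;
            // the X-Frame-Options response header is switched off
            http.headers().frameOptions().disable();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception
        {
            auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
        }

        @Bean
        public AuthenticationManager authenticationManager() {
            return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
        }

        // Authenticates against Active Directory: domain "xxx.klc", server ldap://klcdc03
        @Bean
        public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
            ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("xxx.klc", "ldap://klcdc03");
            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            return provider;
        }
    }
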
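Please find my Controller class below. It runs perfectly on my local machine. However, when deployed on the server, it only works for the BookAdmin group. I do not have these groups listed in any properties file.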

    package com.tgw.gift.info.controller;

    import java.util.HashSet;
    import java.util.Set;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.RequestMapping;

    @Controller
    public class LoginController {

        @RequestMapping("/")
        public String home(Model model, Authentication principal)
        {
            Set<String> authorities = listAuthorties(principal);
            if (authorities.contains("BookAdmin"))
            {
                return "index";
            } else {
                return "fail";
            }
        }

        // Collects the authority names granted to the logged-in user
        private Set<String> listAuthorties(Authentication principal)
        {
            Set<String> set = new HashSet<String>();
            for (GrantedAuthority s : principal.getAuthorities()) {
                set.add(s.getAuthority());
            }
            return set;
        }

        @RequestMapping("/buyBook")
        public String printDetails(Model model, Authentication principal) {
            Set<String> authorities = listAuthorties(principal);
            if (authorities.contains("BuyBook"))
            {
                return "buyBook";
            } else if (authorities.contains("BookAdmin")) {
                return "buyBook";
            } else {
                return "fail";
            }
        }

        @RequestMapping("/rentBook")
        public String printRentDetails(Model model, Authentication principal) {
            Set<String> authorities = listAuthorties(principal);
            if (authorities.contains("RentalBook"))
            {
                return "rentBook";
            } else if (authorities.contains("RentalAdmin")) {
                return "rentBook";
            } else {
                return "fail";
            }
        }
    }

Also, this works fine when run locally, but not on the server.
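Welcome to Stack Overflow. I have fixed some typos. I also removed the leading spaces in the description to stop it looking like code. I bolded some keywords with 2 asterisks. Please explain what you mean by "it does not work for non-BookAdmin groups".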
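
Spring Security checks `authorizeRequests()` matchers in the order they are declared and lets the first match decide, and `antMatchers` patterns are case-sensitive by default. The following is an added example, not part of the original post or of Spring: a plain-Java model (the class `RuleOrderCheck` and its method names are hypothetical) that takes the five rules from the question and reports which authority each URL ends up requiring, which rules are never reached, and which patterns differ only in case. It assumes literal patterns without wildcards, as in the question.

```java
import java.util.*;

// Added example (hypothetical names, not Spring API): model of an ordered rule chain.
public class RuleOrderCheck {
    record Rule(String pattern, String authority) {} // literal path + required authority

    // The five rules from the question's configure(HttpSecurity), in order.
    static final List<Rule> RULES = List.of(
        new Rule("/", "BookAdmin"),
        new Rule("/rentBook", "RentalBook"),
        new Rule("/buybook", "BuyBook"),
        new Rule("/rentBook", "BookAdmin"),
        new Rule("/buyBook", "BookAdmin"));

    // The first rule whose pattern equals the path (case-sensitive) decides.
    static String requiredAuthority(String path) {
        for (Rule r : RULES)
            if (r.pattern().equals(path)) return r.authority();
        return null; // no rule in this list covers the path
    }

    // Rules that never decide a request: an earlier rule has the same pattern.
    static List<Rule> shadowed() {
        Set<String> seen = new HashSet<>();
        List<Rule> out = new ArrayList<>();
        for (Rule r : RULES)
            if (!seen.add(r.pattern())) out.add(r);
        return out;
    }

    // Patterns that differ only in letter case, so they match different URLs.
    static List<String> caseOnlyVariants() {
        Map<String, Set<String>> byLower = new TreeMap<>();
        for (Rule r : RULES)
            byLower.computeIfAbsent(r.pattern().toLowerCase(Locale.ROOT),
                                    k -> new TreeSet<>()).add(r.pattern());
        List<String> out = new ArrayList<>();
        for (Set<String> v : byLower.values())
            if (v.size() > 1) out.add(String.join(" vs ", v));
        return out;
    }

    public static void main(String[] args) {
        for (String p : List.of("/", "/rentBook", "/buyBook"))
            System.out.println(p + " requires " + requiredAuthority(p));
        System.out.println("never reached: " + shadowed());
        System.out.println("case-only variants: " + caseOnlyVariants());
    }
}
```

When several groups should reach the same path, a single rule per path such as `.antMatchers("/rentBook").hasAnyAuthority("RentalBook", "BookAdmin")` avoids depending on rule order.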