2017-05-03 71 views
-2

你好我有春天的MVC webb應用程序,並使用jdbc用戶服務作爲身份驗證管理器。我把一切都配置後成功登錄IM重定向到../首頁(我應該是),它應該寫我的名字,但相反,它寫「訪問被拒絕」成功登錄後,Spring MVC安全訪問被拒絕

的Spring XML文件 `

<http auto-config="true"> 
    <intercept-url pattern="/home" access="hasRole('ROLE_USER, ROLE_ADMIN')"/> 
    <intercept-url pattern="/home/**" access="hasRole('ROLE_USER, ROLE_ADMIN')"/> 
    <intercept-url pattern="/" access="permitAll"/> 
    <intercept-url pattern="/login" access="permitAll"/> 


    <form-login 
     login-processing-url="/j_spring_security_check" 
     login-page="/login" 
     authentication-success-handler-ref="authenticationSucessHandler" 
     authentication-failure-url="/login/error" 
     username-parameter="userName" 
     password-parameter="userPassword" 
     always-use-default-target="true"/> 
    <logout 
    invalidate-session="true" 
    delete-cookies="JSESSIONID"/> 
    <csrf /> 
    <headers> 
     <frame-options policy="SAMEORIGIN"/> 
    </headers> 
</http> 

<beans:bean name="authenticationSucessHandler" class="sk.icz.log.viewer.security.AuthenticationSuccessHnadler"/> 

<authentication-manager> 
    <authentication-provider> 

     <jdbc-user-service 
       data-source-ref="dataSource" 
       users-by-username-query="select username, pass, enable from PUBLIC.users where username=?" 
       authorities-by-username-query="select username, rol from PUBLIC.user_roles where username=?" 
     /> 
    </authentication-provider> 
</authentication-manager> 

<jdbc:embedded-database id="dataSource" type="HSQL"> 
    <jdbc:script location="classpath:db/schemaCreate.sql"/> 
    <jdbc:script location="classpath:db/addUser.sql"/> 
</jdbc:embedded-database> 

<beans:bean id="jdbcTemplate" class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate"> 
    <beans:constructor-arg ref="dbcpDataSource"/> 
</beans:bean> 

<beans:bean id="dbcpDataSource" class="org.apache.commons.dbcp2.BasicDataSource" 
     destroy-method="close"> 
    <beans:property name="driverClassName" value="org.hsqldb.jdbcDriver" /> 
    <beans:property name="url" value="jdbc:hsqldb:mem:dataSource" /> 
    <beans:property name="username" value="sa" /> 
    <beans:property name="password" value="" /> 
</beans:bean> 

<beans:bean depends-on="dataSource" class="org.springframework.beans.factory.config.MethodInvokingBean"> 
    <beans:property name="targetClass" value="org.hsqldb.util.DatabaseManagerSwing"/> 
    <beans:property name="targetMethod" value="main"/> 
    <beans:property name="arguments"> 
     <beans:list> 
      <beans:value>--url</beans:value> 
      <beans:value>jdbc:hsqldb:mem:SKUSKA</beans:value> 
      <beans:value>--user</beans:value> 
      <beans:value>sa</beans:value> 
      <beans:value>--password</beans:value> 
      <beans:value></beans:value> 
     </beans:list> 
    </beans:property> 
</beans:bean> 

`

schema_create.sql

create table users(
    username varchar(20), 
    pass varchar(20), 
    enable int 
); 
create table user_roles(
    username varchar(20), 
    rol varchar(20) 
); 

addUser.sql

insert into users values('admin', '123', 1); 

insert into user_roles values('admin', 'ROLE_USER'); 

我沒有創建的情況下,PFKeys關係數據庫我只是想試試這個(我知道數據庫建造錯)

回答

1

編輯

hasAnyRole(角色列表) - 如果用戶已被授予任何指定的角色(作爲逗號分隔的字符串列表),則爲true。

當使用hasRole春天期待一個角色,在你的情況下,你會想要使用hasAnyRole並提供多個角色。最重要的是,你錯過了報價。修改這兩條線,看看它是否解決您的問題:

變化來自:

<intercept-url pattern="/home" access="hasRole('ROLE_USER, ROLE_ADMIN')"/> 
<intercept-url pattern="/home/**" access="hasRole('ROLE_USER, ROLE_ADMIN')"/> 

要:

<intercept-url pattern="/home" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/> 
    <intercept-url pattern="/home/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>