春季安全 - 我如何指定我的web應用程序的匿名角色根頁

Question

默認網址是http://localhost:8080/Icd/

我想顯示我的自定義登錄頁面，這是/index.jsp。

但是，當我配置彈簧安全性這樣做時，我得到了太多的重定向問題。在security.xml文件中的代碼下面。

讓我知道如果我失去了一些東西。

<security:http auto-config="true" > 

     <security:intercept-url pattern="/" access="ROLE_ANONYMOUS" /> 
    <security:intercept-url pattern="/*" access="ROLE_USER" /> 
    <security:form-login login-page="/index.jsp" /> 
</security:http> 
<security:authentication-provider> 
    <security:user-service> 
     <security:user name="david" password="david" authorities="ROLE_USER,ROLE_ADMIN" /> 
     <security:user name="alex" password="alex" authorities="ROLE_USER" /> 
    </security:user-service> 
</security:authentication-provider> 

Answer 1

嘗試指定類似下面的配置：

<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" > 

    <security:intercept-url pattern="/krams/auth/login" access="permitAll"/> 
    <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/> 
    <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/> 

    <security:form-login 
    login-page="/krams/auth/login" 
    authentication-failure-url="/krams/auth/login?error=true" 
    default-target-url="/krams/main/common"/> 

    <security:logout 
    invalidate-session="true" 
    logout-success-url="/krams/auth/login" 
    logout-url="/krams/auth/logout"/> 

</security:http> 

這一個使用自定義的登錄頁面。欲瞭解更多信息，可以查看在http://krams915.blogspot.com/2010/12/spring-security-3-mvc-using-simple-user.html

Answer 2

完整的應用程序當你把

<security:intercept-url pattern="/*" access="ROLE_USER" /> 

你是說，每一個頁面需要ROLE_USER訪問（其中包括登錄頁面本身）

這（未經測試）可能會訣竅：

<security:intercept-url pattern="/index.jsp" access="permitAll"/> 
<security:intercept-url pattern="/*" access="ROLE_USER" />