0
我遇到了Spring Security的問題。我創建了3個角色(ROLE_ADMIN,ROLE_MOD,ROLE_USER)。我使用密碼和用戶名保留數據庫中的角色。在JSP中,我爲所有角色創建了3個不同的菜單。在所有菜單中,有3行重複「/ messages」,「/ profile」,「/ logout」。如果我登錄爲MOD或USER,則一切正常,但如果我以ADMIN身份登錄,則無法訪問「/ messages」和「/ profile」。Spring Security - 角色無法正常工作
我的配置或jsp有什麼問題?
安全配置:JSP的
@Override
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
http
.authorizeRequests()
.antMatchers("/"
,"/tutorials"
,"/search"
,"/about"
,"/contact"
,"/register",
"/css/*",
"/js/*",
"/img/*")
.permitAll()
.antMatchers(
"/messages",
"/profile",
"/logout",
"/newsmanager",
"/tutorialsmanager",
"/usersmanager",
"/sendemails"
)
.hasRole("ADMIN")
.antMatchers(
"/suggestnews",
"/suggesttutorial",
"/messages",
"/profile",
"/logout"
)
.hasRole("MOD")
.antMatchers(
"/messages",
"/profile",
"/logout"
)
.hasRole("USER")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.permitAll()
.and()
.logout()
.permitAll();
//@formatter:on
}
片段:
<sec:authorize access="hasRole('ROLE_ADMIN')">
<button class="btn btn-default dropdown-toggle" type="button"
id="dropdownMenu1" data-toggle="dropdown" aria-haspopup="true"
aria-expanded="true">
Account <span class="caret"></span>
</button>
<ul class="dropdown-menu" aria-labelledby="dropdownMenu1">
<li><a href="/messages">Messages</a></li>
<li><a href="/profile">Profile</a></li>
<li role="separator" class="divider"></li>
<li><a href="/tutorialsmanager">Tutorials manager</a></li>
<li><a href="/newsmanager">News manager</a></li>
<li><a href="/usersmanager">Users manager</a></li>
<li><a href="/sendemails">Send emails</a></li>
<li role="separator" class="divider"></li>
<li><a href="javascript:$('#logoutForm').submit();">Log
out</a></li>
</ul>
</sec:authorize>
<!-- APPEARED FOR ROLE_USER -->
<sec:authorize access="hasRole('ROLE_USER')">
<button class="btn btn-default dropdown-toggle" type="button"
id="dropdownMenu2" data-toggle="dropdown" aria-haspopup="true"
aria-expanded="true">
Account <span class="caret"></span>
</button>
<ul class="dropdown-menu" aria-labelledby="dropdownMenu2">
<li><a href="/messages">Messages</a></li>
<li><a href="/profile">Profile</a></li>
<li role="separator" class="divider"></li>
<li><a href="javascript:$('#logoutForm').submit();">Log
out</a></li>
</ul>
</sec:authorize>
<!-- APPEARED FOR ROLE_MOD -->
<sec:authorize access="hasRole('ROLE_MOD')">
<button class="btn btn-default dropdown-toggle" type="button"
id="dropdownMenu3" data-toggle="dropdown" aria-haspopup="true"
aria-expanded="true">
Account <span class="caret"></span>
</button>
<ul class="dropdown-menu" aria-labelledby="dropdownMenu3">
<li><a href="/messages">Messages</a></li>
<li><a href="/profile">Profile</a></li>
<li role="separator" class="divider"></li>
<li><a href="/suggestnews">Suggest a news</a></li>
<li><a href="/suggesttutorial">Suggest a tutorial</a></li>
<li role="separator" class="divider"></li>
<li><a href="javascript:$('#logoutForm').submit();">Log
out</a></li>
</ul>
</sec:authorize>
'hasRole'從前面修剪'ROLE_'。你在一個地方使用'USER',在另一個地方使用'ROLE_USER'。 – chrylis
我改變了它,但仍然沒有工作。 – DEADALICE7000
您是否也可以共享控制檯日誌。 –