2016-10-23 89 views
0

Spring Security - roles not working properly

I ran into a problem with Spring Security. I created 3 roles (ROLE_ADMIN, ROLE_MOD, ROLE_USER). I keep the roles in the database together with the username and password. In the JSP I created 3 different menus for all the roles. In all the menus there are 3 repeated lines: "/messages", "/profile", "/logout". If I log in as MOD or USER everything works fine, but if I log in as ADMIN I cannot access "/messages" and "/profile".

What is wrong with my configuration or JSP?

Security configuration:

@Override 
protected void configure(HttpSecurity http) throws Exception { 
    //@formatter:off 
    http 
     .authorizeRequests() 
      .antMatchers("/" 
        ,"/tutorials" 
        ,"/search" 
        ,"/about" 
        ,"/contact" 
        ,"/register", 
        "/css/*", 
        "/js/*", 
        "/img/*") 
      .permitAll() 
      .antMatchers(
        "/messages", 
        "/profile", 
        "/logout", 
        "/newsmanager", 
        "/tutorialsmanager", 
        "/usersmanager", 
        "/sendemails" 
        ) 
       .hasRole("ADMIN") 
      .antMatchers(
        "/suggestnews", 
        "/suggesttutorial", 
        "/messages", 
        "/profile", 
        "/logout" 
        ) 
       .hasRole("MOD") 
      .antMatchers(
        "/messages", 
        "/profile", 
        "/logout" 
        ) 
       .hasRole("USER") 
      .and() 
     .formLogin() 
      .loginPage("/login") 
      .defaultSuccessUrl("/") 
      .permitAll() 
      .and() 
     .logout() 
      .permitAll(); 

    //@formatter:on   
} 

JSP snippet:

<sec:authorize access="hasRole('ROLE_ADMIN')"> 
     <button class="btn btn-default dropdown-toggle" type="button" 
      id="dropdownMenu1" data-toggle="dropdown" aria-haspopup="true" 
      aria-expanded="true"> 
      Account <span class="caret"></span> 
     </button> 
     <ul class="dropdown-menu" aria-labelledby="dropdownMenu1"> 
      <li><a href="/messages">Messages</a></li> 
      <li><a href="/profile">Profile</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="/tutorialsmanager">Tutorials manager</a></li> 
      <li><a href="/newsmanager">News manager</a></li> 
      <li><a href="/usersmanager">Users manager</a></li> 
      <li><a href="/sendemails">Send emails</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="javascript:$('#logoutForm').submit();">Log 
        out</a></li> 
     </ul> 
</sec:authorize> 

    <!-- APPEARED FOR ROLE_USER --> 
<sec:authorize access="hasRole('ROLE_USER')"> 
     <button class="btn btn-default dropdown-toggle" type="button" 
      id="dropdownMenu2" data-toggle="dropdown" aria-haspopup="true" 
      aria-expanded="true"> 
      Account <span class="caret"></span> 
     </button> 
     <ul class="dropdown-menu" aria-labelledby="dropdownMenu2"> 
      <li><a href="/messages">Messages</a></li> 
      <li><a href="/profile">Profile</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="javascript:$('#logoutForm').submit();">Log 
        out</a></li> 
     </ul> 
</sec:authorize> 

    <!-- APPEARED FOR ROLE_MOD --> 
<sec:authorize access="hasRole('ROLE_MOD')"> 
     <button class="btn btn-default dropdown-toggle" type="button" 
      id="dropdownMenu3" data-toggle="dropdown" aria-haspopup="true" 
      aria-expanded="true"> 
      Account <span class="caret"></span> 
     </button> 
     <ul class="dropdown-menu" aria-labelledby="dropdownMenu3"> 
      <li><a href="/messages">Messages</a></li> 
      <li><a href="/profile">Profile</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="/suggestnews">Suggest a news</a></li> 
      <li><a href="/suggesttutorial">Suggest a tutorial</a></li> 
      <li role="separator" class="divider"></li> 
      <li><a href="javascript:$('#logoutForm').submit();">Log 
        out</a></li> 
     </ul> 
</sec:authorize> 
+0

'hasRole' trims 'ROLE_' from the front. You are using 'USER' in one place and 'ROLE_USER' in another. – chrylis

+0

I changed it, but it still doesn't work. – DEADALICE7000

+0

Could you also share the console log? –

Answer

0

Well, I managed to solve my problem. I changed the permissions for profile, messages and logout. Now all authenticated users can access

@Override
protected void configure(HttpSecurity http) throws Exception {

    //@formatter:off
    http
     .authorizeRequests()
      .antMatchers("/"
       ,"/tutorials"
       ,"/search"
       ,"/about"
       ,"/contact"
       ,"/register",
       "/css/*",
       "/js/*",
       "/img/*")
        .permitAll()
      .antMatchers(
       "/suggestnews",
       "/suggesttutorial")
        .hasRole("MOD")
      .antMatchers(
       "/newsmanager",
       "/tutorialsmanager",
       "/usersmanager",
       "/sendemails")
        .hasRole("ADMIN")
      // changed part: the shared pages only require a logged-in user, not a specific role
      .antMatchers(
       "/messages",
       "/profile",
       "/logout")
        .authenticated()
       .and()
      .formLogin()
       .loginPage("/login")
       .defaultSuccessUrl("/")
       .permitAll()
       .and()
      .logout()
       .permitAll();

     //@formatter:on
}
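The same rules as an added example, not the answerer's code: a complete configuration class written in the order Spring Security evaluates them (rules are checked top-down and the first matching antMatchers() decides, which is why the question's later MOD and USER rules for "/messages" could never be reached) and with a catch-all so that a path nobody listed does not fall through with no rule at all. The package and class name SecurityConfig are assumed, and the static-asset patterns use "/**" instead of the post's "/*" so sub-directories are covered too.

```java
package com.example.security; // assumed package name

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // assumed class name

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Public pages and static assets. "/css/**" also matches files in
                // sub-directories, which the single-star pattern from the post does not.
                .antMatchers("/", "/tutorials", "/search", "/about", "/contact",
                             "/register", "/css/**", "/js/**", "/img/**").permitAll()
                // Role-specific paths come first: the first matching antMatchers() wins,
                // so a path listed here can never be shadowed by a broader rule below.
                // hasRole("ADMIN") checks for the granted authority "ROLE_ADMIN".
                .antMatchers("/newsmanager", "/tutorialsmanager", "/usersmanager",
                             "/sendemails").hasRole("ADMIN")
                .antMatchers("/suggestnews", "/suggesttutorial").hasRole("MOD")
                // Pages shared by every menu: any logged-in user, whatever the role.
                .antMatchers("/messages", "/profile", "/logout").authenticated()
                // Catch-all, and it must be last (Spring refuses further matchers after
                // anyRequest()): an unlisted path requires a login rather than being
                // served without any access rule.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
}
```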