我的要求很简单:
- 我希望只有在用户登录时才能访问我的所有链接
- 如果用户未登录,将他重定向到登录页面
自己想想应该不会太难。我以前这样做过,但我自己编程。这次我们正在做一个新项目,我决定试一试。
除了我在项目中使用的 spring 依赖项之外 spring 安全依赖项:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${org.springsecurity-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springsecurity-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${org.springsecurity-version}</version>
</dependency>
${org.springsecurity-version}在哪里3.0.4.RELEASE。这是我的重要部分web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:security-app-context.xml
/WEB-INF/spring/root-context.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我的security-app-context.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http once-per-request="false" auto-config="false">
<!-- All other resources to require users to have user role USER_ROLE to view -->
<intercept-url pattern="/*" access="ROLE_USER" />
<!-- Don't apply any filters to the login form either, we want unauthenticated users to be able to see this -->
<intercept-url pattern="/login" filters="none" />
<anonymous />
<http-basic />
<form-login login-page="/login"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="myUserDetailsService" />
</authentication-manager>
<!-- I've defined a custom UserDetails service to lookup users in my db using me own implementation -->
<beans:bean id="myUserDetailsService" class="fully.qualified.class.name.MyUserDetailsService">
<!--<beans:property name="userServ" ref="UserService" /> -->
</beans:bean>
</beans:beans>
这是我的控制器(显示我只想登录用户查看的仪表板页面):
@Controller
@RequestMapping("main")
public class DashboardController {
@RequestMapping("start")
public String getDashboard(){
return "dashboard";
}
}
我的登录控制器(显示登录的方法):
@RequestMapping("/login")
public String getLogin(){
return "login";
}
我没有例外。它只是不符合我上面描述的方式。唯一不能正常工作的东西,我无法打开登录页面。我收到消息说它找不到。但是当我将登录控制器方法更改为:
@RequestMapping("/login/me")
public String getLogin(){
return "login";
}
我的登录页面确实打开了。我不确定我做错了什么。我找到了几页,每页都有一些东西,但我无法拿起。我看着 :
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html http://blog.richardadamdean.com/?p=213 https://cwiki.apache .org/WICKET/spring-security-and-wicket-auth-roles.html http://springinpractice.com/2008/10/11/hashing-and-salting-passwords-with-spring-security-2/ http: //www.codercorp.com/blog/spring/security-spring/writing-custom-userdetailsservice-for-spring-security.html http://static.springsource.org/spring-security/site/tutorial.html
感谢您的任何提示!