有人可以帮我解决春季安全问题吗?我在视图下有两个文件夹 1:所有用户 2:超级用户 所有用户都有 hasRole("ROLE_USER") 并且超级用户有:haseRole("ROLE_ADMIN","ROLE_USER") 我希望当用户登录后如何将 ROLE_ADMIN 重定向到正确的文件夹,即超级用户的文件夹和只有 ROLE_USER 的文件夹到所有用户的文件夹。不知道我该怎么做。
弹簧安全.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org /2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true" use-expressions="true">
<!-- interceptor pages -->
<intercept-url pattern="/**" access="permitAll" />
<intercept-url pattern="/index" access="permitAll" />
<intercept-url pattern="/allusers/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/superusers/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/denied" access="permitAll" />
<intercept-url pattern="/getAllUsers" access="hasRole('ROLE_ADMIN')" />
<access-denied-handler error-page="/403" />
<form-login login-page="/index" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select username,password,'true' AS isEnabled from USER where USERNAME=?"
authorities-by-username-query="
select u.username ,r.`ROLE_NAME`,u.`PASSWORD` from USER u, USER_ROLE ur,ROLE r where (u.user_id = ur.user_id)
and (r.role_id=ur.role_id) and u.username =? " />
</authentication-provider>
</authentication-manager>
这是我的 mvc-dispatcher.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:component-scan base-package="com.secure.weblayer" />
<mvc:annotation-driven />
<context:annotation-config />
<mvc:resources mapping="/resources/**" location="/resources/" />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<!-- <property name="prefix" value="/WEB-INF/views/allusers/" />-->
<!-- <property name="prefix" value="/WEB-INF/views/superusers" />-->
<property name="suffix" value=".jsp" />
</bean>
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames" value="mymessages"></property>
</bean>
<bean
class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
<bean
class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" />
</beans>
如您所见,我在 spring-security.xml 中使用 sql-query 进行登录。我可以登录但无法重定向到任何所需的页面。但是当我在 xml 文件中将属性更改为:property name="prefix" value="/WEB-INF/views/allusers"
或:property name="prefix" value="/WEB-INF/views/superusers" 我可以访问这些文件夹中的所有页面,但不能同时访问。
请问有什么帮助吗?