两个问题:
问题1:
我的applicaitonContext-security.xml文件中有以下内容:
<security:http auto-config="true" access-denied-page="/denied.jsf" servlet-api-provision="false">
<security:intercept-url pattern="/denied.jsf" filters="none" />
<security:intercept-url pattern="/login.jsf" filters="none" />
<security:intercept-url pattern="/redirect.html" filters="none" />
<security:intercept-url pattern="/images/**" filters="none" />
<security:intercept-url pattern="/a4j_resource/**" filters="none" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<security:form-login login-page="/login.jsf" authentication-failure-url="/login.jsf" default-target-url="/redirect.html" />
<security:logout />
</security:http>
但是当我去时,http://localhost:8080/summary/projects.jsf我不会被重定向到login.jsf页面。有任何想法吗。
问题2:
在projects.xhtml我的页面中
<rich:comboBox value="#{projectUiService.coordinatorSelected}" directInputSuggestions="true" defaultLabel="Enter Co-ordinator" >
在getCoordinatorSelected我拥有的方法上,@RolesAllowed("READ_PROJECT")但我得到的只是错误:
AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
当用户未登录时,如何让 Spring 重定向到登录页面,denied.jsf如果用户没有正确的权限,如何让它重定向到页面?
在过去的 6 小时里,我环顾四周并尝试了大量的日志记录,但找不到解决方案。任何指针将不胜感激。
谢谢