我的应用程序应该只向具有 ROLE_ADMIN 访问权限的用户显示 secret.jsp 页面,但事实并非如此。
我定义了两个用户,一个具有 ROLE_ADMIN 访问权限,另一个具有 ROLE_USER 访问权限。我有两个问题第一个问题是登录页面不起作用我可以使用任何虚拟用户名和密码访问应用程序。
另一个问题是,secret.jsp 页面对 ROLE_ADMIN 用户不可见。一旦我打开 login.jsp 页面并输入用户的凭据,它就会进入注册页面,但是当我单击秘密链接时,它会重定向到 login.jsp 页面,而不是打开 secret.jsp 页面。
我在 Struts2 上实现 SpringSecurity。
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/medics-security.xml
/WEB-INF/login-service.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
医疗安全.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns='http://www.springframework.org/schema/security'
xmlns:beans='http://www.springframework.org/schema/beans'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd'>
<beans:import resource='login-service.xml'/>
<http auto-config="true" access-denied-page="/error.jsp">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/register*" access="ROLE_ADMIN" />
<intercept-url pattern="/secret*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" authentication-failure-url="/login?error=true"/>
<remember-me/>
<logout/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="secret" authorities="ROLE_ADMIN"/>
<user name="user" password="secret" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
登录服务.xml
<beans xmlns='http://www.springframework.org/schema/beans'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd'>
</beans>
应用程序上下文.xml
<?xml version='1.0' encoding='UTF-8'?>
<beans xmlns='http://www.springframework.org/schema/beans'
xmlns:context='http://www.springframework.org/schema/context'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd'>
<context:component-scan base-package='com.myproject'/>
<bean id='internalResourceResolver'
class='org.springframework.web.servlet.view.InternalResourceViewResolver'>
<property name='prefix' value='/Web Pages/'/>
<property name='suffix' value='.jsp'/>
</bean>
<bean
class='org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping'/>
<bean class='org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter'/>
<bean id='placeholderConfig'
class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>
</beans>
struts.xml
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<!-- Configuration for the default package. -->
<constant name="struts.action.extension" value="html"/>
<constant name="struts.enable.SlashesInActionNames" value="true"/>
<action name="Login" class="com.myproject.struts.Login">
<result name="SUCCESS">login.jsp</result>
</action>
<action name="Register" class="com.myproject.struts.Register">
<result name="SUCCESS">register.jsp</result>
</action>
<action name="j_spring_security_check" class="com.myproject.struts.j_spring_security_check">
<result name="SUCCESS">register.jsp</result>
</action>
注册.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>secret page</title>
</head>
<body>
<p>register</p>
<a href="secret.jsp">secret</a>
</body>
</html>
登录.jsp
<html>
<head>
</head>
<body>
<form action="j_spring_security_check.html" method="post">
<label for="j_username">Username</label>
<input type="text" name="j_username" id="j_username"/><br/>
<label for="j_password">Password</label>
<input type="password" name="j_password" id="j_password"/><br/>
<input type='checkbox' name='_spring_security_remember_me'/> Remember me<br/>
<input type="submit" value="Login"/>
<input type="reset" value="Reset"/>
</form>
</body>
</html>