假设我有/admin
和/login
网站。用户想要访问受/admin
保护的站点(需要登录)。在登录用户被重定向到后,Spring Security 向用户询问信用default-target-url
。接下来,他尝试转到/admin
并再次查看登录表单。怎么了?
春窗需要登录网站,我无法进入网站。
配置
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')"/>
<security:form-login default-target-url="/succes"/>
<security:session-management/>
</security:http>
<bean id="service" class="com.springapp.mvc.dao.HibernateService"/>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
<bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<property name="userPropertyToUse" value="username"></property>
</bean>
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
<security:authentication-manager>
<security:authentication-provider user-service-ref="service">
<security:password-encoder hash="md5">
<security:salt-source ref="saltSource"/>
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>