为什么Spring Security无法运行? [英] Why is Spring Security not working?
问题描述
我正在尝试将Spring Security集成到我的项目中。
I am trying to integrate Spring Security in my project.
我已按照此处给出的文档:
https://spring.io/guides/gs/securing-web/
I have followed the documentation given here: https://spring.io/guides/gs/securing-web/
我使用Spring Boot配置了一切XML。
Instead of Spring Boot, I have configured everything using XML.
我的 web.xml
是:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.css</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.js</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
dispatcher-servlet.xml
:
<context:component-scan base-package="com.name.ot" />
<bean id="resolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/" />
<property name="suffix" value=".jsp" />
</bean>
我的视图控制器是:
@Controller
public class HomeController{
@RequestMapping(value={"/", "/home"}, method = RequestMethod.GET)
public ModelAndView home() {
ModelAndView model = new ModelAndView("home");
return model;
}
@RequestMapping(value={"/hello"}, method = RequestMethod.GET)
public ModelAndView hello() {
ModelAndView model = new ModelAndView("hello");
return model;
}
@RequestMapping(value={"/login"}, method = RequestMethod.GET)
public ModelAndView login() {
ModelAndView model = new ModelAndView("login");
return model;
}
}
我的安全等级:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
但是,我可以访问所有页面, /
, / home
, / hello
, / login
。
But, I am able to access all the pages, /
, /home
, /hello
, /login
.
我不希望用户直接访问 / hello
,没有进入 / login
。
I don't want the user to directly access /hello
, without going in /login
.
我做错了什么?
推荐答案
我遇到了同样的问题。
我的解决方案如Spring in行动Craig Walls的书p247。您需要创建一个扩展AbstractSecurityWebApplicationInitializer的空类。
My solution is as mentioned in the "Spring in action" book by Craig Walls p247. You need to create an empty class that extends AbstractSecurityWebApplicationInitializer.
public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {}
这篇关于为什么Spring Security无法运行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!