nexthome

nexthome

关注
发信
关注(28)粉丝(399)

java - 如何使用拦截URL模式和访问?

我正在使用Spring安全性,但我不太清楚拦截URL是如何工作的。这是我的 Spring 安全配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd">

    <!-- configuration des urls  -->
    <security:http auto-config="true">
        <security:intercept-url pattern="/*" access="ROLE_USER" />
        <security:form-login/>
    </security:http>


    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="authenticationProvider" />
    </security:authentication-manager>

    <bean id="authenticationProvider"
       class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService" />
    </bean>

    <bean id="userDetailsService"
        class="com.nexthome.app.security.UserDetailsServiceImpl" />


</beans>

使用此配置,我无法通过未经身份验证的访问。因此,在访问url时http://localhost:8080/nexthome将显示spring登录表单(http://localhost:8080/nexthome/spring_security_login)。
但是当我更改为时。我无需登录即可访问http://localhost:8080/nexthome/user/login

我的目的是保护一些网址:
http://localhost:8080/nexthome  all people must access
http://localhost:8080/nexthome/login  all people must access ( how to display spring login form when trying to access the url?)
http://localhost:8080/nexthome/logout  access to ROLE_USER and ROLE_ADMIN

谢谢你的帮助

最佳答案

security:intercept-url标记上的pattern属性使用Ant paths。在这种语法下,.除了文字.之外没有任何意义。因此,该模式很可能不会被Spring安全性识别并被忽略。

如果您想要求/nexthome/logout url而不是/nexthome/login/nexthome进行身份验证,则可以使用以下配置:

<security:http auto-config="true">
    <intercept-url pattern="/nexthome" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/nexthome/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/nexthome/logout" access="ROLE_USER,ROLE_ADMIN" />
    <security:form-login/>
</security:http>

09-09 20:31
Powered by LMLPHP ©2024 nexthome 0.023995