Spring Security - how to prevent every JSP page except the login page from being opened without authenticating the user
Hi, I am new to Spring MVC. I was trying to design a login page using the Spring Security module. It authenticates correctly and forwards to the common page. But on the other hand, if I access the URL host/testApp/krams/main/common directly, it opens without logging in. However, I tried using "method=RequestMethod.POST", but I got an error like "HTTP Status 405 - Request method 'GET' not supported". All my JSP pages are under WEB-INF, because I do not want any page to be accessed directly without logging in. Please help me understand this concept. Please see the code below.

// Login page: reached by GET (Spring Security's login-page redirect is a GET)
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String getLoginPage(@RequestParam(value = "error", required = false) boolean error,
                           ModelMap model) {
    logger.debug("Received request to show login page");
    if (error) {
        // Assign an error message
        model.put("error", "You have entered an invalid username or password!");
    } else {
        model.put("error", "");
    }
    return "loginpage";
}

// Common page: mapped to POST only, so the GET that the browser issues after the
// login redirect (default-target-url) fails with the "HTTP Status 405" described above
@RequestMapping(value = "/common", method = RequestMethod.POST)
public String getCommonPage() {
    logger.debug("Received request to show common page");
    System.out.println("---------From  getCommonPage ---------");
    // This will resolve to /WEB-INF/jsp/commonpage.jsp
    return "commonpage";
}

<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >
    <security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
    <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>
    <security:form-login
            login-page="/krams/auth/login" 
            authentication-failure-url="/krams/auth/login?error=true" 
            default-target-url="/krams/main/common"/>           
    <security:logout 
            invalidate-session="true" 
            logout-success-url="/krams/auth/login" 
            logout-url="/krams/auth/logout"/>
</security:http>
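The configuration above only has rules for three exact URLs. With Spring Security's 3.x namespace configuration, a request whose path matches no intercept-url rule is not rejected, it is simply passed through, so every handler URL that is not listed is reachable without a session. The usual fix is a catch-all rule as the last entry, because rules are evaluated in order and the first match wins. Note also that restricting the controller to POST does not enforce authentication; the 405 appears because the redirect after a successful login is a GET. The following is an added example, not code from the question or the answer; it assumes the same URL layout and that springSecurityFilterChain is mapped to /* in web.xml (the web.xml is not shown on this page).

```xml
<!-- Added example: the asker's <security:http> block with a default-deny catch-all.
     Assumes Spring Security 3.x namespace config and the asker's URL layout. -->
<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied">

    <!-- Public URLs first: the first matching rule wins -->
    <security:intercept-url pattern="/krams/auth/login"  access="permitAll"/>
    <security:intercept-url pattern="/krams/auth/denied" access="permitAll"/>

    <!-- Role-specific URLs (same patterns as in the question) -->
    <security:intercept-url pattern="/krams/main/admin"  access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>

    <!-- Catch-all LAST: any other URL in the application needs a logged-in user.
         Without this rule, a URL that matches none of the rules above is served
         without authentication. -->
    <security:intercept-url pattern="/**" access="isAuthenticated()"/>

    <security:form-login
            login-page="/krams/auth/login"
            authentication-failure-url="/krams/auth/login?error=true"
            default-target-url="/krams/main/common"/>
    <security:logout
            invalidate-session="true"
            logout-success-url="/krams/auth/login"
            logout-url="/krams/auth/logout"/>
</security:http>
```

With this in place the /common handler can be mapped with RequestMethod.GET again: the authentication check is done by the filter chain before the request reaches the controller, and an anonymous GET of /krams/main/common is redirected to the login page instead of returning 405. Patterns are matched against the path inside the application (after the /testApp context path), which is why they start with /krams and not /testApp.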

For authentication, see here

AuthenticationInterceptor.java

package com.sivalabs.web.controllers;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.sivalabs.entities.User;

@Component
public class AuthenticationInterceptor extends HandlerInterceptorAdapter
{
    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response, Object handler) throws Exception
    {
        String uri = request.getRequestURI();
        // login.do and logout.do are the only URLs reachable without a session
        if (!uri.endsWith("login.do") && !uri.endsWith("logout.do"))
        {
            User userData = (User) request.getSession().getAttribute("LOGGEDIN_USER");
            if (userData == null)
            {
                // Nobody logged in: send to the login page and stop the handler
                response.sendRedirect("login.do");
                return false;
            }
        }
        return true;
    }
}

WEB-INF/dispatcher-servlet.xml

<!-- Standard namespace declarations added so the file parses; the rest is as posted -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context.xsd">

    <context:annotation-config/>
    <context:component-scan base-package="com.sivalabs"/>

    <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/>

    <!-- The interceptor runs for every handler resolved by this handler mapping -->
    <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
        <property name="interceptors">
            <ref bean="authenticationInterceptor"/>
        </property>
    </bean>

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"
          p:prefix="/WEB-INF/jsp/" p:suffix=".jsp"/>
</beans>

Now, if we try to access any other URL without logging into the application, it will automatically be redirected to the login page.

For authorization, you can use UserRoleAuthorizationInterceptor

See here

Usage

<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping">
    <property name="interceptors" ref="authorizationInterceptor"/>
</bean>

<bean id="authorizationInterceptor"
      class="org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor">
    <property name="authorizedRoles" value="administrator,operator"/>
</bean>
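Two details of the interceptor in the answer are worth tightening if you build on it. First, it tests the full request URI with endsWith(), so the check depends on how the URL ends rather than on which handler it maps to; comparing the path inside the application against an explicit allow-list of public paths is a default-deny check that is easier to reason about. Second, sendRedirect("login.do") is resolved relative to the current URL, so a request to a nested path such as /app/admin/users.do would be redirected to /app/admin/login.do; building the location from the context path avoids that. Also remember that interceptors are attached per HandlerMapping: the answer registers the interceptor only on DefaultAnnotationHandlerMapping, so handlers resolved by another mapping (for example the BeanNameUrlHandlerMapping in the usage snippet) are not covered unless it is registered there too. JSP files under WEB-INF are never served directly by the container, so it is the handler URLs that need protecting, not the .jsp files. The class below is an added example written for this page, not the sivalabs code the answer links to; the package name, class name, the REQUESTED_URL session attribute and the allow-list contents are assumptions.

```java
package com.example.web; // hypothetical package, not the answer's com.sivalabs code

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Default-deny authentication interceptor (added example).
 * Every handler requires a logged-in session unless its path, relative to the
 * context path, is on an explicit allow-list. Unlike the answer's version it
 * matches exact paths instead of using endsWith() on the full request URI,
 * and it builds the redirect from the context path so it works from nested URLs.
 */
@Component("authenticationInterceptor")
public class DefaultDenyAuthenticationInterceptor extends HandlerInterceptorAdapter {

    /** Session attribute name used by the answer's interceptor. */
    public static final String LOGGED_IN_USER = "LOGGEDIN_USER";

    /** Assumed session attribute holding the path to return to after login. */
    public static final String REQUESTED_URL = "REQUESTED_URL";

    /** Paths reachable without a session (assumed; extend for static resources etc.). */
    private static final Set<String> PUBLIC_PATHS = new HashSet<String>(
            Arrays.asList("/login.do", "/logout.do"));

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        String path = pathWithinApplication(request);

        if (PUBLIC_PATHS.contains(path)) {
            return true;                        // explicitly public, no session needed
        }
        if (request.getSession().getAttribute(LOGGED_IN_USER) != null) {
            return true;                        // authenticated session present
        }

        // Not logged in: remember the requested path, redirect to login, stop the handler.
        request.getSession().setAttribute(REQUESTED_URL, path);
        response.sendRedirect(request.getContextPath() + "/login.do");
        return false;
    }

    /**
     * Servlet path plus path info, e.g. "/admin/users.do" for
     * http://host/app/admin/users.do when the context path is "/app".
     * Any ";name=value" path parameters are dropped before comparison.
     */
    static String pathWithinApplication(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        String path = (servletPath == null ? "" : servletPath)
                    + (pathInfo == null ? "" : pathInfo);
        int semicolon = path.indexOf(';');
        return semicolon >= 0 ? path.substring(0, semicolon) : path;
    }
}
```

Register the bean as the interceptor on every HandlerMapping the DispatcherServlet uses, the same way the answer's dispatcher-servlet.xml does for DefaultAnnotationHandlerMapping; a handler mapping without it performs no check at all. When the application already uses Spring Security, as the asker's does, the intercept-url rules in the filter chain are the better place for this check, and an interceptor like this one is only a second layer inside the MVC layer.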
