configuring spring-security and spring-mvc
I'm trying to configure my spring-security project for the first time, but when I try to log in I receive a message: "ERR_TOO_MANY_REDIRECTS". Maybe somewhere under the hood it redirects to admin again, but where? Here is my spring-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.0.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">
    <http use-expressions="true">
        <csrf disabled="true"/>
        <intercept-url pattern="/admin" access="hasRole('Admin')" />
        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/logout" access="permitAll" />
        <access-denied-handler error-page="/403" />
        <form-login login-page='/login' login-processing-url="/login" authentication-failure-url="/login?error=true"
            username-parameter="username" password-parameter="password" />
        <logout logout-url="/logout" logout-success-url="/logoutSuccessful" delete-cookies="JSESSIONID" invalidate-session="true" />
    </http>
    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="myDataSource"
                users-by-username-query="select login, password, 'true' from employee where login=?"
                authorities-by-username-query="select login, role from employee where login =? " />
        </authentication-provider>
    </authentication-manager>
    <beans:import resource="data-source-cfg.xml"/>
</beans:beans>
Controller class:
@Controller
@RequestMapping("/")
public class HelloController {
    @RequestMapping(method = RequestMethod.GET)
    public String printWelcome(ModelMap model) {
        return "login";
    }

    @RequestMapping(value="/admin", method = RequestMethod.GET)
    public String showAdmin(ModelMap model) {
        return "admin";
    }

    @RequestMapping(value="/login", method=RequestMethod.GET)
    public String enter(@ModelAttribute("employee") Employee employee, ModelMap model){
        return "redirect:/admin";
    }
    ...
Table with user's login and role looks like:
Employee
|id|login  |password  |first_name|last_name|mobile_phone|role  |
|1 |login1 |password1 |name1     |lname1   |phone1      |User  |
|2 |login2 |password2 |name2     |lname2   |phone2      |Admin |
Spring Security version is 4.0.3. This is my first experience with spring-mvc and spring-security so the question may be noobie. What is wrong?
The problem is you are simply redirecting to the admin page on the /login resource, which is where it will send people if they are not logged in. Since /admin requires a specific role, it will try to go to the login page if the user is not logged in, which you have redirecting back to the admin page, thus creating a loop.
You want to return a view and not redirect back to the admin page.
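A regression check for the loop described in the answer, added here as an example and not part of the original posts. It uses spring-test MockMvc with spring-security-test, and assumes the GET /login handler has been changed to return the "login" view; the test class name and the two XML locations in @ContextConfiguration are assumptions to adapt to the project.

```java
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
// Assumed file names: point these at the project's own MVC and security XML.
@ContextConfiguration({"classpath:mvc-dispatcher-servlet.xml", "classpath:spring-security.xml"})
public class LoginRedirectLoopTest {

    @Autowired
    private WebApplicationContext wac;

    private MockMvc mockMvc;

    @Before
    public void setUp() {
        // springSecurity() registers the springSecurityFilterChain bean created by <http>.
        mockMvc = MockMvcBuilders.webAppContextSetup(wac).apply(springSecurity()).build();
    }

    // First hop: an anonymous request for /admin is sent to the configured login-page.
    @Test
    public void anonymousAdminRequestIsSentToLogin() throws Exception {
        mockMvc.perform(get("/admin"))
               .andExpect(status().is3xxRedirection())
               .andExpect(redirectedUrlPattern("**/login"));
    }

    // Second hop: /login must render a view. With the original "redirect:/admin"
    // handler this returns a 302 back to /admin and the test fails, exposing the loop.
    @Test
    public void loginPageRendersInsteadOfRedirecting() throws Exception {
        mockMvc.perform(get("/login"))
               .andExpect(status().isOk())
               .andExpect(view().name("login"));
    }
}
```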