堆栈内存溢出
  简体   繁体   English

如何使用Spring Security在Spring xml中为一个特殊的URL一起定义ROLE_USER,ROLE_ADMIN IN?

[英]How to defined ROLE_USER,ROLE_ADMIN IN together for one spefic url in spring xml using spring security?

 原文  2016-05-12 11:15:46       java/ spring/ jsp/ spring-mvc/ spring-security

问题描述

I am Using spring security for login and logout with multiple users with different rolls I have set the two uers to acces the dba url for admin and dba but I access the Url 我正在使用Spring Security与具有不同身份的多个用户进行登录和注销,我已经将两个uer设置为访问admin和dba的dba url,但是我访问了网址 

http://localhost:8080/secu_fin_ano/dba

It redirects to the default spring login form after entering the admin uername and password of the admin its redirects page to the /access-denied that i have defined in security.xml 输入管理员的管理员用户名和密码后,它会重定向到默认的spring登录表单,其重定向页面将指向我在security.xml中定义的/ access-denied

code for security.xml: security.xml的代码: 

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">


    <http auto-config="true" >
        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/home" access="permitAll" />
        <intercept-url pattern="/admin**" access="hasRole('ADMIN')" />
        <intercept-url pattern="/dba**" access="hasRole('ADMIN') and hasRole('DBA')" />
        <access-denied-handler error-page="/Access_Denied" />
        <form-login  authentication-failure-url="/Access_Denied" />
    </http>

    <authentication-manager >
        <authentication-provider>
            <user-service>
                <user name="bill"  password="abc123"  authorities="ROLE_USER" />
                <user name="admin" password="root123" authorities="ROLE_ADMIN" />
                <user name="dba"   password="root123" authorities="ROLE_ADMIN,ROLE_DBA" />
            </user-service>
        </authentication-provider>
    </authentication-manager>


</beans:beans>

1 个解决方案

解决方案1
 0  2016-05-12 12:20:55

i have solved my problem by using 我已经通过使用解决了我的问题 

 <intercept-url pattern="/dba**" access="hasAnyRole('ADMIN','DBA')" />

in security.xml instead of 在security.xml中而不是 

<intercept-url pattern="/dba**" access="hasRole('ADMIN') and hasRole('DBA')" />

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在spring security taglib中不提及hasRole('ROLE_ADMIN') - How to mention not of hasRole('ROLE_ADMIN') in spring security taglib 表中的Spring Security ROLE_USER - Spring security ROLE_USER from Tables Spring Security 基于角色的身份验证 - 403 Forbidden 尽管用户具有 ROLE_ADMIN - Spring Security role based authentication - 403 Forbidden although user has ROLE_ADMIN Spring Security,访问权限=“ ROLE_ADMIN”与访问权限=“ hasAnyRole(&#39;ROLE_ADMIN&#39;) - Spring Security , access=“ROLE_ADMIN” Vs access="hasAnyRole('ROLE_ADMIN') Spring Security不能与“hasRole('ROLE_ADMIN')”或ROLE_ADMIN一起使用 - Spring Security does not work with “hasRole('ROLE_ADMIN')” or ROLE_ADMIN @Secured({“ ROLE_USER”,“ ROLE_ADMIN”})的确切含义 - What does @Secured({ “ROLE_USER”, “ROLE_ADMIN” }) exactly means Spring拦截url配置中ROLE_USER和ROLE_ANONYMOUS有什么区别? - What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration? Java Spring Security AccessDecisionManager:UnanimousBased无法解析表达式&#39;ROLE_ADMIN,IS_AUTHENTICATED_FULLY&#39; - Java Spring Security AccessDecisionManager: UnanimousBased Failed to parse expression 'ROLE_ADMIN, IS_AUTHENTICATED_FULLY' 它让我失望500无法在spring security中评估表达式&#39;ROLE_USER&#39; - It throws me 500 Failed to evaluate expression 'ROLE_USER' in spring security Spring Security 4未​​分配管理员角色 - Spring Security 4 Not assigning admin role
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM