I am having troubles when trying to log in my application using Spring Security, no matter what I do it always redirects me to the JSP I use for non-authorized access.
On the configuration of security-config.xml
I tried hasRole('ROLE_USER')
and permitAll
and none of them worked either.
security-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http>
<intercept-url pattern="/user/**" access="hasAnyRole('ROLE_USER') />
<form-login login-page="/customLogin.jsp"
login-processing-url="/appLogin"
username-parameter="app_username"
password-parameter="app_password"
default-target-url="/user/home" />
<logout
logout-url="/appLogout"
logout-success-url="/customLogin.jsp" />
<access-denied-handler error-page="/user/error" />
</http>
<beans:bean name="bcryptEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<beans:bean name="myAppUserDetailsService"
class="com.prh.tracking.services.impl.UserDetailsServiceImpl" />
<beans:bean name="userService"
class="com.prh.tracking.services.impl.UserServiceImpl" />
<authentication-manager>
<authentication-provider
user-service-ref="myAppUserDetailsService">
<password-encoder ref="bcryptEncoder" />
</authentication-provider>
</authentication-manager>
<global-method-security
secured-annotations="enabled" />
</beans:beans>
UserController.java
@Controller
@RequestMapping("/user")
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value="/home")
public String home(ModelMap model, Authentication authentication) {
authentication.getPrincipal();
model.addAttribute("user", userService.getUser(authentication.getName()));
return "user-info";
}
@RequestMapping(value="/error")
public String error() {
return "access-denied";
}
}
UserDetailsServiceImpl.java
@Service
public class UserDetailsServiceImpl implements UserDetailsService{
@Autowired
private UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserEntity user = userDAO.getUser(username);
GrantedAuthority authority = new SimpleGrantedAuthority(user.getRole());
UserDetails userDetails = (UserDetails)new User(user.getName(), user.getPassword(), Arrays.asList(authority));
return userDetails;
}
}
This is what I have in my Database:
When you set access to permitAll
, you should not be even asked for credential and UserDetailsServiceImpl would not be consulted at all.
You may need to enable web security expressions like this: <http use-expressions="true">
See https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html#el-access-web
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.