Spring MVC安全性不起作用

Question

我是spring mvc的新手，我尝试遵循http://docs.spring.io/spring-security/site/docs/3.2.5.RELEASE/reference/htmlsingle/#hello-web-中所示的安全示例安全性Java配置

我已经完成了所有步骤，但是没有任何事情发生，而是没有安全设置的常规执行。 本教程声称将首先显示登录页面。 但是那没有发生。 由于没有任何安全限制，所以我访问了系统。

我的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!-- The definition of the Root Spring Container shared by all Servlets 
        and Filters -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/root-context.xml</param-value>
    </context-param>

    <!-- Creates the Spring Container shared by all Servlets and Filters, the 
        root application context is created by it -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Processes application requests -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

</web-app>

SecurityConfig.java

package com.channelit.example;

import org.springframework.beans.factory.annotation.Autowired;

    import org.springframework.context.annotation.*;
    import org.springframework.security.config.annotation.authentication.builders.*;
    import org.springframework.security.config.annotation.web.configuration.*;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .inMemoryAuthentication()
                    .withUser("user").password("password").roles("USER");
        }
    }

Answer 1

您错过了SecurityConfig类中的限制URL。

将此代码片段添加到您的SecurityConfig类中，如下所示：

    @Override
    protected void configure(HttpSecurity http) throws Exception {

      http.authorizeRequests()          
        .antMatchers("/your_restrict_url_here/**").access("hasRole('USER')")
        .and().formLogin();

    }

您可以在此处参考更多详细信息。