为什么我的Spring Security无法正常工作？

Question

我目前正在做一个关于Spring MVC的项目，我正在尝试整合Spring Security。 但是我没有这样做，我完全不知道我缺少什么。 请查看我的代码并提供您的建议。

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jpa="http://www.springframework.org/schema/data/jpa"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/mvc 
    http://www.springframework.org/schema/mvc/spring-mvc.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/data/jpa
    http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/**"
            access="hasRole('ROLE_ADMIN')" />
        <security:intercept-url pattern="/suser/**"
            access="isAuthenticated()" />
        <!-- <security:intercept-url pattern="/resources/**" access="isAuthenticated()" 
            /> -->
        <!-- <security:form-login login-page="/home" default-target-url="/doctor" 
            authentication-failure-url="/authfailed" username-parameter="email" password-parameter="password" 
            /> <security:logout logout-success-url="/logoutsuccess" /> <security:csrf/> -->
        <!-- <security:csrf disabled="true"/> -->
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider
            user-service-ref="userService">

        </security:authentication-provider>
    </security:authentication-manager>

    <security:jdbc-user-service id="userService"
        data-source-ref="dataSource"
        users-by-username-query="select email , password, true from user where userId=?"
        authorities-by-username-query="select userId ,'ROLE_ADMIN' from user where userId=?" />

</beans>    

同样，我的控制器是：

@Controller
public class MainController {

    @RequestMapping(value = "/signup", method = RequestMethod.GET)
    public String getSignupPage() {
        return "signup";
    }

    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView getLoginSignupPage() {

        return new ModelAndView("module/loginsignup/loginsignup",StringConstants.PAGE_TITLE,StringConstants.WEB_APP_TITLE);
    }

    @RequestMapping(value = "/index", method = RequestMethod.GET)
    public String getIndexPage() {
        return "index";
    }

    @RequestMapping(value = "/admin", method = RequestMethod.GET)
    public String getAdminPage() {
        return "admin";
    }

    @RequestMapping(value = "/authfailed", method = RequestMethod.GET)
    public String getAuthFailPage() {
        return "autherror";
    }

    @RequestMapping(value = "/logoutsuccess", method = RequestMethod.GET)
    public String getLogoutSuccessPage() {
        return "logoutsuccess";
    }

    @RequestMapping(value = "/suser/test", method = RequestMethod.GET)
    public String getUserPage() {
        return "user";
    }
}

也是我的用户实体：

@Entity
@Table(name="user")
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column
    private long userId;

    @Column
    private String firstName;

    @Column
    private String middleName;

    @Column
    private String lastName;

    @Column
    private String email;

    @Column
    private String password;

    @Column
    private String userStatus;

    @Column
    private Date createdDate;

    @Column
    private Date updatedDate;

    @Column
    private int createdBy;

    @Column
    private int updatedBy;

    @ManyToOne(fetch = FetchType.EAGER)
    @JoinColumn(name = "cityId")
    private City city;

    @ManyToMany(cascade = CascadeType.ALL)
    @JoinTable(name = "user_link_document",
               joinColumns = @JoinColumn(name = "userId"),
               inverseJoinColumns = @JoinColumn(name = "documentId"))
    private List<Document> documentList;

    @OneToMany(fetch = FetchType.LAZY, mappedBy = "user")
    private List<Review> reviewList;

我在build.gradle文件中的依赖项：

dependencies {
    compile("org.springframework.boot:spring-boot-starter-data-jpa")
    compile("javax.servlet:jstl:1.2")
    runtime("mysql:mysql-connector-java")
    compile("org.springframework.boot:spring-boot-starter-jdbc")
    compile ("org.springframework.boot:spring-boot-starter-web")
    compile("org.springframework.boot:spring-boot-starter-security")
    providedRuntime("org.springframework.boot:spring-boot-starter-tomcat")
    providedRuntime 'org.apache.tomcat.embed:tomcat-embed-jasper'
}

我对Spring MVC的所有配置都是正确的。 除了Spring Security，我没有其他问题。 谁能告诉我出什么事了吗？ 每当我浏览我的应用程序时，Spring Security都不会提示用户该登录页面。

Answer 1

您已添加/**限于ROLE_ADMIN ，它可以捕获所有URLs 。 另外，您也没有将/home URL添加到permitAll 。

您需要首先添加所有公共URL，在以下模式之前，无需登录即可访问这些公共URL。

<security:intercept-url pattern="/**"
            access="hasRole('ROLE_ADMIN')" />

Answer 2

你应该取消评论

 <security:form-login login-page="/home" default-target-url="/doctor" 
            authentication-failure-url="/authfailed" username-parameter="email" password-parameter="password"/> 

并为/home请求编写一个请求处理程序，该请求处理程序将重定向到登录页面。