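Spring Security authentication decision

I have a problem in my Spring Security setup. When I access the URLs /admin, /client or even /admin/addUser.jsp, it sends me back to the login page (if necessary), but when I access the URL /addUser (mapped to a Spring MVC controller), it returns me a page anyway, even if the user is not authenticated. What configuration do I need to add/remove/modify for security to work properly?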
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
    <security:http auto-config="true" use-expressions="true"> <!--access-decision-manager-ref="accessDecisionManager"-->
        <security:intercept-url pattern="/login" access="permitAll"/>
        <security:intercept-url pattern="/admin*/**" access="hasRole('ROLE_ADMIN')"/>
        <security:intercept-url pattern="/client*/**" access="hasRole('ROLE_USER')"/>
        <security:form-login login-page="/login" default-target-url="/index" authentication-failure-url="/loginFail"
                             authentication-success-handler-ref="redirectRoleStrategy"/>
        <security:logout logout-success-url="/logout" invalidate-session="true"/>
        <security:access-denied-handler error-page="/403"/>
    </security:http>
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
    </bean>
    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
            </list>
        </property>
    </bean>
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userDetailsService"/>
    </security:authentication-manager>
    <bean id="redirectRoleStrategy" class="com.payment.system.util.RoleBasedAuthenticationSuccessHandler">
        <property name="roleUrlMap">
            <map>
                <entry key="ROLE_ADMIN" value="/admin"/>
                <entry key="ROLE_USER" value="/client"/>
            </map>
        </property>
    </bean>
</beans>
P.S.: By the way, IDEA reports on my <property name="providers"> line that this property is deprecated. Which property should I replace it with?
Thanks!
Who should have access to '/addUser'? – 2013-02-27 15:55:48
Only users with ROLE_ADMIN – sidlejinks 2013-02-27 16:02:34
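
An added example, not part of the original post or its comments: a version of the question's `<security:http>` element in which `/addUser` has its own ROLE_ADMIN rule, as the comment above asks for, and a final `/**` rule covers every URL that no earlier pattern matches. The `permitAll` entries for `/loginFail` and `/logout` and the `isAuthenticated()` catch-all are assumptions about the application, not settings from the post; the rest of the file stays as posted.

```xml
<security:http auto-config="true" use-expressions="true">
    <!-- intercept-url rules are checked top to bottom and the first matching
         pattern wins, so specific patterns go first and the catch-all last. -->
    <security:intercept-url pattern="/login" access="permitAll"/>
    <!-- Assumption: the login-failure and post-logout pages must stay reachable
         without a session once the catch-all below is in place. -->
    <security:intercept-url pattern="/loginFail" access="permitAll"/>
    <security:intercept-url pattern="/logout" access="permitAll"/>

    <security:intercept-url pattern="/admin*/**" access="hasRole('ROLE_ADMIN')"/>
    <!-- "/admin*/**" only matches paths whose first segment starts with "admin".
         "/addUser" starts with "add", matched no rule at all, and a request
         that matches no rule is served without any access check. -->
    <security:intercept-url pattern="/addUser" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/client*/**" access="hasRole('ROLE_USER')"/>

    <!-- Catch-all (assumption: nothing else is meant to be public): any URL not
         listed above now requires a logged-in user, so a controller mapping
         added later is not exposed just because no pattern mentions it. -->
    <security:intercept-url pattern="/**" access="isAuthenticated()"/>

    <security:form-login login-page="/login" default-target-url="/index" authentication-failure-url="/loginFail"
                         authentication-success-handler-ref="redirectRoleStrategy"/>
    <security:logout logout-success-url="/logout" invalidate-session="true"/>
    <security:access-denied-handler error-page="/403"/>
</security:http>
```

Static resources (CSS, images, scripts) used by the login page would also fall under the `/**` rule and need their own `permitAll` entries above it.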