完成一个简单的用户登录,用户的资源权限都需要从数据库中读取.
问题:如果是将配置信息写在applicationContext-secuirty.xml文件中的话,则会按配置中的内容一样,完成各项操作.
如果是将资源权限信息写到数据库中,则会出现循环重定向的问题..
(会循环重定向的原因,是因为Security3在请求路径中没有加 "/" 导致的. 但我的数据库表中,确实有加"/",从而导致它在循环重定向.. 这个我有测试.)当系统正常启动后, 我输入http://localhost:8080/fpm/ 后, 就在一直循环重定向..
重定向到login.action, 一直在那里循环请求..正常情况下,则会跳转到login.jsp页面,这只是一个简单的登录页面捣鼓了几个小时,实在没办法,麻烦各位看下..----------------------------------------------------------------我将信息数据库表中的资源权限信息输出后,结果为:
ROLE_ADMIN : /company/company.action
IS_AUTHENTICATED_FULLY : /**
IS_AUTHENTICATED_ANONYMOUSLY : /login.action
ROLE_USER : /dept/dept.action
ApplicationContext-Security.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:ss="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"
default-autowire="byType"> <ss:http auto-config="true">
<ss:intercept-url pattern="/common/**" filters="none"/>
<ss:intercept-url pattern="/css/**" filters="none"/>
<ss:intercept-url pattern="/images/**" filters="none"/>
<ss:intercept-url pattern="/js/**" filters="none"/>
<!--
<ss:intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<ss:intercept-url pattern="/company/company.action" access="ROLE_ADMIN"/>
<ss:intercept-url pattern="/dept/dept.action" access="ROLE_USER"/>
<ss:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
-->
<ss:form-login
login-page="/login.action"
authentication-failure-url="/login.action?error=true"
default-target-url="/"
/>
</ss:http>
<!--<ss:authentication-provider>
<ss:password-encoder hash="md5"/>
<ss:user-service>
<ss:user password="21232f297a57a5a743894a0e4a801fc3" name="admin" authorities="ROLE_ADMIN,ROLE_USER"/>
<ss:user password="ee11cbb19052e40b07aac0ca060c23ee" name="user" authorities="ROLE_USER"/>
</ss:user-service>
</ss:authentication-provider>
-->
<!--
<ss:authentication-provider>
<ss:password-encoder hash="md5">
<ss:salt-source user-property="username"/>
</ss:password-encoder>
<ss:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,enabled from test_user where username = ?"
authorities-by-username-query="select u.username,r.role_name authority from test_user u
join test_user_role ur on ur.user_id = u.id
join test_role r on ur.role_id = r.id
where u.username = ?"/>
</ss:authentication-provider>
-->
<ss:authentication-provider user-service-ref="userDetailsService"/> <bean id="userDetailsService" class="com.nilpower.fpm.security.service.impl.UserDetailsServiceImpl"/>
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<ss:custom-filter before="FILTER_SECURITY_INTERCEPTOR"/>
<property name="objectDefinitionSource" ref="definitionSource"/>
</bean>
<bean id="definitionSource" class="com.nilpower.fpm.security.DefinitionSourceFactoryBean"/>
</beans>
问题:如果是将配置信息写在applicationContext-secuirty.xml文件中的话,则会按配置中的内容一样,完成各项操作.
如果是将资源权限信息写到数据库中,则会出现循环重定向的问题..
(会循环重定向的原因,是因为Security3在请求路径中没有加 "/" 导致的. 但我的数据库表中,确实有加"/",从而导致它在循环重定向.. 这个我有测试.)当系统正常启动后, 我输入http://localhost:8080/fpm/ 后, 就在一直循环重定向..
重定向到login.action, 一直在那里循环请求..正常情况下,则会跳转到login.jsp页面,这只是一个简单的登录页面捣鼓了几个小时,实在没办法,麻烦各位看下..----------------------------------------------------------------我将信息数据库表中的资源权限信息输出后,结果为:
ROLE_ADMIN : /company/company.action
IS_AUTHENTICATED_FULLY : /**
IS_AUTHENTICATED_ANONYMOUSLY : /login.action
ROLE_USER : /dept/dept.action
ApplicationContext-Security.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:ss="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"
default-autowire="byType"> <ss:http auto-config="true">
<ss:intercept-url pattern="/common/**" filters="none"/>
<ss:intercept-url pattern="/css/**" filters="none"/>
<ss:intercept-url pattern="/images/**" filters="none"/>
<ss:intercept-url pattern="/js/**" filters="none"/>
<!--
<ss:intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<ss:intercept-url pattern="/company/company.action" access="ROLE_ADMIN"/>
<ss:intercept-url pattern="/dept/dept.action" access="ROLE_USER"/>
<ss:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
-->
<ss:form-login
login-page="/login.action"
authentication-failure-url="/login.action?error=true"
default-target-url="/"
/>
</ss:http>
<!--<ss:authentication-provider>
<ss:password-encoder hash="md5"/>
<ss:user-service>
<ss:user password="21232f297a57a5a743894a0e4a801fc3" name="admin" authorities="ROLE_ADMIN,ROLE_USER"/>
<ss:user password="ee11cbb19052e40b07aac0ca060c23ee" name="user" authorities="ROLE_USER"/>
</ss:user-service>
</ss:authentication-provider>
-->
<!--
<ss:authentication-provider>
<ss:password-encoder hash="md5">
<ss:salt-source user-property="username"/>
</ss:password-encoder>
<ss:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,enabled from test_user where username = ?"
authorities-by-username-query="select u.username,r.role_name authority from test_user u
join test_user_role ur on ur.user_id = u.id
join test_role r on ur.role_id = r.id
where u.username = ?"/>
</ss:authentication-provider>
-->
<ss:authentication-provider user-service-ref="userDetailsService"/> <bean id="userDetailsService" class="com.nilpower.fpm.security.service.impl.UserDetailsServiceImpl"/>
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<ss:custom-filter before="FILTER_SECURITY_INTERCEPTOR"/>
<property name="objectDefinitionSource" ref="definitionSource"/>
</bean>
<bean id="definitionSource" class="com.nilpower.fpm.security.DefinitionSourceFactoryBean"/>
</beans>
解决方案 »
- 关于从servlet跳转到jsp页面出现“?”的问题
- hibernate 级联 (在线等)
- java EE 如何实现对两个服务器的数据进行进行提取
- struts拦截器的问题!!!
- 配置问题
- 我写的javaMail发送邮件在本地windows系统下可以实现,怎么上传到Linux服务器就发送不了邮件了
- 求推荐程序设计的书
- 【请教】tomcat5.5.1中文乱码问题
- 在做下载功能时总是报一下的错误"20:49:23,453 ERROR [Engine] StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw ex
- spring+mybatis项目启动报错
- 用JAVA窗口写个记事本
- struts1.3.10配置问题
这里需要加入登录页面的过滤,把登录页面放行就好了。
如果你登录页面是配置到数据库中 自定义过滤链 你也需要在http标签里面加入过滤链才能生效吧
然后,那段我打印出来的信息,就是从数据库中读取出来的"资源"和"权限"
IS_AUTHENTICATED_ANONYMOUSLY : /login.action 明白吗?