写感谢您抽时间阅读,我的配置是这样的
<http auto-config="true" access-denied-page="/403.jsp" use-expressions="true">
<intercept-url pattern="/" access="hasRole('abc')" /><!-- IS_AUTHENTICATED_ANONYMOUSLY -->
<intercept-url pattern="/index.jsp" access="hasRole('abc')" /><!-- IS_AUTHENTICATED_ANONYMOUSLY -->
<intercept-url pattern="/j_spring_security_switch_user" access="hasRole('abc')" /><!-- ROLE_SUPERVISOR -->
<intercept-url pattern="/admin/**" access="hasRole('abc')"/><!-- access="ROLE_USER" -->
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" />
<http-basic />
<logout logout-success-url="/index.jsp" />
<remember-me />
<custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER" />
</http>
登陆是实现UserDetailsService接口
@Override
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException, DataAccessException {
User user = LoginUtil.login(userName);
UserLoginDetails userDetails = new UserLoginDetails();
if (user != null) { // 如果该用户的信息存在,那么构造UserDetails
userDetails.setUsername(user.getSupervisor_Account()); // 设置用户名
userDetails.setPassword(user.getSupervisor_Password()); // 设置密码
userDetails.setEnabled(user.isDisabled()); // 设置启用状态
// 角色字符串如:”ROLE_SUPERVISOR,ROLE_USER”。以逗号隔开
//String[] rights = (String[]) user.getRoles().toArray(); // 分割多个角色
String[] rights = {"abc","ROLE_USER","ROLE_SUPERVISOR","IS_AUTHENTICATED_ANONYMOUSLY","ROLE_SUPERVISOR","SWITCH_USER_FILTER"};
// 设置用户的授权信息IS_AUTHENTICATED_ANONYMOUSLY
GrantedAuthority[] authorities = new GrantedAuthority[rights.length];
for (int i = 0; i < rights.length; i++) {
authorities[i] = new GrantedAuthorityImpl(rights[i]);
}
userDetails.setAuthorities(authorities);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
System.out.println();
} else { // 如果该用户不存在,则抛出异常,参考JdbcDaoImpl
throw new UsernameNotFoundException("User not found");
} return userDetails;
}能够登陆成功但是跳转到了403页面?哪位用过spring security的大虾指点下是我哪里配置错还是少配置了什么东西?
<http auto-config="true" access-denied-page="/403.jsp" use-expressions="true">
<intercept-url pattern="/" access="hasRole('abc')" /><!-- IS_AUTHENTICATED_ANONYMOUSLY -->
<intercept-url pattern="/index.jsp" access="hasRole('abc')" /><!-- IS_AUTHENTICATED_ANONYMOUSLY -->
<intercept-url pattern="/j_spring_security_switch_user" access="hasRole('abc')" /><!-- ROLE_SUPERVISOR -->
<intercept-url pattern="/admin/**" access="hasRole('abc')"/><!-- access="ROLE_USER" -->
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" />
<http-basic />
<logout logout-success-url="/index.jsp" />
<remember-me />
<custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER" />
</http>
登陆是实现UserDetailsService接口
@Override
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException, DataAccessException {
User user = LoginUtil.login(userName);
UserLoginDetails userDetails = new UserLoginDetails();
if (user != null) { // 如果该用户的信息存在,那么构造UserDetails
userDetails.setUsername(user.getSupervisor_Account()); // 设置用户名
userDetails.setPassword(user.getSupervisor_Password()); // 设置密码
userDetails.setEnabled(user.isDisabled()); // 设置启用状态
// 角色字符串如:”ROLE_SUPERVISOR,ROLE_USER”。以逗号隔开
//String[] rights = (String[]) user.getRoles().toArray(); // 分割多个角色
String[] rights = {"abc","ROLE_USER","ROLE_SUPERVISOR","IS_AUTHENTICATED_ANONYMOUSLY","ROLE_SUPERVISOR","SWITCH_USER_FILTER"};
// 设置用户的授权信息IS_AUTHENTICATED_ANONYMOUSLY
GrantedAuthority[] authorities = new GrantedAuthority[rights.length];
for (int i = 0; i < rights.length; i++) {
authorities[i] = new GrantedAuthorityImpl(rights[i]);
}
userDetails.setAuthorities(authorities);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
System.out.println();
} else { // 如果该用户不存在,则抛出异常,参考JdbcDaoImpl
throw new UsernameNotFoundException("User not found");
} return userDetails;
}能够登陆成功但是跳转到了403页面?哪位用过spring security的大虾指点下是我哪里配置错还是少配置了什么东西?
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货