스프링 시큐리티로 역할 기반 인증을 구현하고, 역할에 따라 사용자를 서로 다른 페이지로 리디렉션하려고 합니다. 사용자가 admin이면 admin/index.html로, developer이면 developer/index.html로 리디렉션해야 합니다.
다른 페이지에서 역할 기반 인증 및 리디렉션 요청
아래 코드를 시도해 보았습니다. 예외는 발생하지 않지만 문제가 어디에 있는지 잘 모르겠습니다. 도움을 주시면 감사하겠습니다!
WebContent/admin/index.html
This is admin landing page
WebContent/developer/index.html
This is developer landing page
pom.xml
http://maven.apache.org/maven -v4_0_0.xsd "> 4.0.0
<groupId>com.provm</groupId>
<artifactId>aws-vm-pro</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>aws-vm-pro</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<!-- NOTE(review): spring-webmvc is on 4.2.9.RELEASE while the two Spring Security
     artifacts below are pinned to 4.0.0.RELEASE. Both are old release lines; check
     their support status and published advisories, and keep the versions aligned. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.2.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.0.RELEASE</version>
</dependency>
<!-- NOTE(review): JavaMelody exposes a monitoring report over HTTP. The URL rules in
     SecurityConfig only name "/", "/admin/**" and "/developer/**", so confirm that the
     report path is covered by an access rule before this is deployed. -->
<dependency>
<groupId>net.bull.javamelody</groupId>
<artifactId>javamelody-core</artifactId>
<version>1.60.0</version>
</dependency>
<!-- NOTE(review): jackson-databind 2.9.2 and commons-fileupload 1.3 are old releases of
     libraries that parse untrusted request data. Review the advisories published for
     these versions and move to a maintained release. -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3</version>
</dependency>
</dependencies>
<build>
<plugins>
<!-- Packages the WAR from the WebContent directory; no web.xml is required because the
     application is bootstrapped from Java configuration classes. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<warSourceDirectory>WebContent</warSourceDirectory>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<!-- Compiles for Java 1.7, so the sources cannot use Java 8+ language features. -->
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
<!-- Local development server: serves WebContent on localhost:8088 and rescans for
     changes every 10 seconds. The connector is bound to localhost only. -->
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.0.6.v20130930</version>
<configuration>
<webAppSourceDirectory>WebContent</webAppSourceDirectory>
<httpConnector>
<port>8088</port>
<host>localhost</host>
</httpConnector>
<scanIntervalSeconds>10</scanIntervalSeconds>
</configuration>
</plugin>
</plugins>
</build>
SecurityWebApplicationInitializer.java
package com.my.app;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
/**
 * Servlet-container bootstrap for Spring Security.
 *
 * <p>Hands {@link MvcConfig} and {@link SecurityConfig} to the base initializer as the
 * configuration classes to load; no other setup is done here.
 */
public class SecurityWebApplicationInitializer
        extends AbstractSecurityWebApplicationInitializer {

    /** Registers the application's two configuration classes with the base initializer. */
    public SecurityWebApplicationInitializer() {
        super(MvcConfig.class, SecurityConfig.class);
    }
}
MvcConfig.java
package com.my.app;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
/**
 * Bean definitions for the application, plus a component scan of {@code com.my.app}.
 *
 * <p>NOTE(review): {@link MyUserDetailsService} is also annotated {@code @Component} and
 * lives in the scanned package, so it is presumably registered twice (once by the scan,
 * once by the factory method below) - confirm and keep only one registration.
 */
@ComponentScan(basePackages = "com.my.app")
public class MvcConfig {

    /**
     * Supplies the handler invoked after a successful form login.
     *
     * @return a new {@link CustomSuccessHandler}
     */
    @Bean
    public CustomSuccessHandler getCustomSuccessHandler() {
        CustomSuccessHandler successHandler = new CustomSuccessHandler();
        return successHandler;
    }

    /**
     * Supplies the service that looks up users during authentication.
     *
     * @return a new {@link MyUserDetailsService}
     */
    @Bean
    public MyUserDetailsService getMyUserDetailsService() {
        MyUserDetailsService userDetailsService = new MyUserDetailsService();
        return userDetailsService;
    }
}
SecurityConfig.java
package com.my.app;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
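/**
 * Web security rules: which authority may reach which URL pattern, form login with a
 * custom success handler, and logout on {@code /logout}.
 *
 * <p>The access rules use {@code hasAuthority}/{@code hasAnyAuthority} because
 * {@link MyUserDetailsService} grants the plain authorities {@code "ADMIN"} and
 * {@code "DEVELOPER"}. {@code hasRole("ADMIN")} would look for {@code "ROLE_ADMIN"}
 * instead, so every authenticated user would be denied.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Decides where a user is sent after a successful login. */
    @Autowired
    CustomSuccessHandler customSuccessHandler;

    /** Source of user records for authentication. */
    @Autowired
    MyUserDetailsService myUserDetailsService;

    /**
     * Wires the user lookup service into the authentication manager.
     *
     * <p>NOTE(review): no password encoder is configured here, so stored passwords are
     * presumably compared as plain text - confirm and configure a password hashing
     * encoder before real credentials are used.
     *
     * @param auth builder for the global authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService);
    }

    /**
     * Declares URL access rules, form login and logout.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): only "/", "/admin/**" and "/developer/**" have a rule; any other
        // path is left without an access restriction. Consider a closing
        // anyRequest().authenticated() rule once public resources are listed explicitly.
        http.authorizeRequests()
                .antMatchers("/").hasAnyAuthority("ADMIN", "DEVELOPER")
                .antMatchers("/admin/**").hasAuthority("ADMIN")
                .antMatchers("/developer/**").hasAuthority("DEVELOPER")
            .and()
                .formLogin().successHandler(customSuccessHandler)
            .and()
                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll();

        // NOTE(review): CSRF protection is switched off for the whole application, so
        // state-changing requests from a logged-in browser carry no anti-forgery token.
        // Left as written because the application's other endpoints are not visible here;
        // re-enable it unless every client is a non-browser client.
        http.csrf().disable();
    }
}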
CustomSuccessHandler.java
MyUserDetailsService.java
package com.my.app;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
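/**
 * In-memory user lookup with two hard-coded accounts, {@code admin} and {@code developer}.
 *
 * <p>NOTE(review): the passwords are hard-coded in plain text and equal to the user
 * names. This is acceptable only for a local demo; real credentials belong in a user
 * store and must be hashed.
 *
 * <p>NOTE(review): the granted authorities are {@code "ADMIN"} and {@code "DEVELOPER"}
 * with no {@code ROLE_} prefix. A {@code hasRole("ADMIN")} access rule looks for
 * {@code "ROLE_ADMIN"} and will not match them; {@code hasAuthority("ADMIN")} will.
 */
@Component
public class MyUserDetailsService implements UserDetailsService {

    /**
     * Returns the account for the given user name.
     *
     * @param username the name submitted at login
     * @return the user's details, carrying exactly one authority
     * @throws UsernameNotFoundException if the name is neither {@code admin} nor
     *     {@code developer} (including {@code null})
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        final String password;
        final String authority;

        // Constant-first equals keeps a null user name from causing a NullPointerException.
        if ("admin".equals(username)) {
            password = "admin";
            authority = "ADMIN";
        } else if ("developer".equals(username)) {
            password = "developer";
            authority = "DEVELOPER";
        } else {
            // Previously an unknown name produced a user with a null password and a null
            // authority; report it through the contract's exception instead.
            throw new UsernameNotFoundException("Unknown user");
        }

        // The single authority goes in slot 0; the original wrote the developer authority
        // to index 1 of a one-element array, which throws at runtime.
        // The password is intentionally no longer printed to standard output.
        return new MyUserDetails(username, password, new String[] {authority});
    }
}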
MyUserDetails.java
package com.my.app;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
import java.util.List;
/**
 * Simple {@link UserDetails} holder: a user name, a password and a list of authorities.
 * All four account-status checks always report the account as usable.
 */
public class MyUserDetails implements UserDetails {

    private final String username;
    private final String password;
    private final List<GrantedAuthority> grantedAuthorities;

    /**
     * Creates the user record.
     *
     * @param username the account name
     * @param password the account password, stored as given
     * @param authorities authority names, each converted to a {@link GrantedAuthority}
     */
    public MyUserDetails(String username, String password, String[] authorities) {
        this.username = username;
        this.password = password;
        this.grantedAuthorities = AuthorityUtils.createAuthorityList(authorities);
    }

    /** @return the authorities built from the names passed to the constructor */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return this.grantedAuthorities;
    }

    /** @return the password exactly as passed to the constructor */
    @Override
    public String getPassword() {
        return this.password;
    }

    /** @return the account name */
    @Override
    public String getUsername() {
        return this.username;
    }

    /** @return always {@code true}; expiry is not tracked */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** @return always {@code true}; locking is not tracked */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** @return always {@code true}; credential expiry is not tracked */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** @return always {@code true}; accounts cannot be disabled */
    @Override
    public boolean isEnabled() {
        return true;
    }
}
두 개의 보안 구성과 서로 다른 Ant 매처 규칙을 사용하다가 비슷한 문제를 겪었습니다. 문제를 더 작은 단위로 나누어 보세요. 먼저 관리자(admin)만 분리해서 동작을 확인한 뒤 개발자(developer)를 추가하세요. 기본적으로 웹 보안 구성 클래스를 2개 사용하세요. –