2017-12-13 12 views
-2

저는 스프링 보안 역할 기반 인증을 획득하고 역할에 따라 다른 페이지에서 사용자를 리디렉션하려고합니다. admin의 사용자가 admin/index.html로 리디렉션하고 사용자가 개발자 인 경우 개발자/index.html로 리디렉션합니다.다른 페이지에서 역할 기반 인증 및 리디렉션 요청

나는 아래 코드를 시도했다. 나는 어떤 예외도 직면하고 있지 않다. 그러나 문제가 어디에 있는지 확실하지 않다. 어떤 도움을 주셔서 감사합니다!

의 WebContent/관리/index.html을

This is admin landing page 

의 WebContent/개발자/index.html을

This is developer landing page 

의 pom.xml

http://maven.apache.org/maven -v4_0_0.xsd "> 4.0.0

<groupId>com.provm</groupId> 
<artifactId>aws-vm-pro</artifactId> 
<packaging>war</packaging> 
<version>0.0.1-SNAPSHOT</version> 
<name>aws-vm-pro</name> 
<url>http://maven.apache.org</url> 

<dependencies> 
    <dependency> 
     <groupId>javax.servlet</groupId> 
     <artifactId>javax.servlet-api</artifactId> 
     <version>3.1.0</version> 
    </dependency> 
    <dependency> 
     <groupId>org.springframework</groupId> 
     <artifactId>spring-webmvc</artifactId> 
     <version>4.2.9.RELEASE</version> 
    </dependency> 
    <dependency> 
     <groupId>org.springframework.security</groupId> 
     <artifactId>spring-security-config</artifactId> 
     <version>4.0.0.RELEASE</version> 
    </dependency> 
    <dependency> 
     <groupId>org.springframework.security</groupId> 
     <artifactId>spring-security-web</artifactId> 
     <version>4.0.0.RELEASE</version> 
    </dependency> 
    <dependency> 
     <groupId>net.bull.javamelody</groupId> 
     <artifactId>javamelody-core</artifactId> 
     <version>1.60.0</version> 
    </dependency> 
    <dependency> 
     <groupId>com.fasterxml.jackson.core</groupId> 
     <artifactId>jackson-databind</artifactId> 
     <version>2.9.2</version> 
    </dependency> 
    <dependency> 
     <groupId>commons-fileupload</groupId> 
     <artifactId>commons-fileupload</artifactId> 
     <version>1.3</version> 
    </dependency> 
</dependencies> 

<build> 
    <plugins> 
     <plugin> 
      <groupId>org.apache.maven.plugins</groupId> 
      <artifactId>maven-war-plugin</artifactId> 
      <configuration> 
       <warSourceDirectory>WebContent</warSourceDirectory> 
       <failOnMissingWebXml>false</failOnMissingWebXml> 
      </configuration> 
     </plugin> 
     <plugin> 
      <artifactId>maven-compiler-plugin</artifactId> 
      <version>3.1</version> 
      <configuration> 
       <source>1.7</source> 
       <target>1.7</target> 
      </configuration> 
     </plugin> 
     <plugin> 
      <groupId>org.eclipse.jetty</groupId> 
      <artifactId>jetty-maven-plugin</artifactId> 
      <version>9.0.6.v20130930</version> 
      <configuration> 
       <webAppSourceDirectory>WebContent</webAppSourceDirectory> 
       <httpConnector> 
        <port>8088</port> 
        <host>localhost</host> 
       </httpConnector> 
       <scanIntervalSeconds>10</scanIntervalSeconds> 
      </configuration> 
     </plugin> 
    </plugins> 
</build> 

SecurityWebApplicationInitializer.java

package com.my.app; 

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; 

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { 

    public SecurityWebApplicationInitializer() { 
     super(MvcConfig.class, SecurityConfig.class); 
    } 

} 

MvcConfig.java

package com.my.app; 

import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.ComponentScan; 

@ComponentScan(basePackages = "com.my.app") 
public class MvcConfig { 

    @Bean 
    public CustomSuccessHandler getCustomSuccessHandler() { 
     return new CustomSuccessHandler(); 
    } 

    @Bean 
    public MyUserDetailsService getMyUserDetailsService() { 
     return new MyUserDetailsService(); 
    } 

} 

SecurityConfig.java

package com.my.app; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; 

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    CustomSuccessHandler customSuccessHandler; 
    @Autowired 
    MyUserDetailsService myUserDetailsService; 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(myUserDetailsService); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().antMatchers("/").hasAnyRole("ADMIN", "DEVELOPER").antMatchers("/admin/**") 
       .hasRole("ADMIN").antMatchers("/developer/**").hasRole("DEVELOPER").and().formLogin() 
       .successHandler(customSuccessHandler).and().logout() 
       .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll(); 
     http.csrf().disable(); 
    } 

} 

CustomSuccessHandler.java

01,232,324,

MyUserDetailsService.java

package com.my.app; 

import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 
import org.springframework.stereotype.Component; 

@Component 
public class MyUserDetailsService implements UserDetailsService { 

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
     String password = null; 
     String[] authorities = new String[1]; 
     String admin = "admin"; 
     String developer = "developer"; 
     if (username.equals(admin)) { 
      password = "admin"; 
      authorities[0] = "ADMIN"; 
     } 
     if (username.equals(developer)) { 
      password = "developer"; 
      authorities[1] = "DEVELOPER"; 
     } 
     System.out.println(username + "=" + password + "=" + authorities); 
     return new MyUserDetails(username, password, authorities); 
    } 

} 

MyUserDetails.java

package com.my.app; 

import org.springframework.security.core.GrantedAuthority; 
import org.springframework.security.core.authority.AuthorityUtils; 
import org.springframework.security.core.userdetails.UserDetails; 
import java.util.Collection; 
import java.util.List; 

public class MyUserDetails implements UserDetails { 
    private String username; 
    private String password; 
    private List<GrantedAuthority> grantedAuthorities; 

    public MyUserDetails(String username, String password, String[] authorities) { 
     this.username = username; 
     this.password = password; 
     this.grantedAuthorities = AuthorityUtils.createAuthorityList(authorities); 
    } 

    public Collection<? extends GrantedAuthority> getAuthorities() { 
     return grantedAuthorities; 
    } 

    public String getPassword() { 
     return password; 
    } 

    public String getUsername() { 
     return username; 
    } 

    public boolean isAccountNonExpired() { 
     return true; 
    } 

    public boolean isAccountNonLocked() { 
     return true; 
    } 

    public boolean isCredentialsNonExpired() { 
     return true; 
    } 

    public boolean isEnabled() { 
     return true; 
    } 

} 
+0

두 가지 보안 구성과 각기 다른 개미 규칙을 사용하여 비슷한 문제가 발생했습니다. 문제를 더 작은 조각으로 분해하십시오. 관리자를 분리하고 작동하면 개발자를 추가하십시오. 기본적으로 2 개의 웹 보안 구성 클래스를 사용하십시오. –

답변

0

나는 나 자신을 알아 냈다. 두 가지 문제가있었습니다 :

1. While adding String [] authorities, I should have added authorities[0] instead of authorities[1]. 
2. In case of admin: authorities[0] = "ROLE_ADMIN", In case of developer authorities[0] = "ROLE_DEVELOPER".