Question

I m试图在我的共同财产基金2.0申请中使用一个习俗标志页。使用春天安全3.0.5和用户标识之后的Im,该网页正确方向。它不是要进入所要求的网页(当地:8080/erp-web)。

这是我的首页:

<h:form prependId="false">
    <h:panelGroup layout="block" class="hrgi-dialog-content hrgi-div-form clearfix">
        <p:focus/>            
        <h:outputLabel for="j_username"/>
        <p:inputText id="j_username" value="#{loginBean.usuario}" required="true"/>
        <h:outputLabel for="j_password"/>
        <h:inputSecret id="j_password" value="#{loginBean.senha}" required="true"/>
        <h:commandButton id="submit" type="submit" value="OK" action="#{loginBean.submit}"/>
    </h:panelGroup>
</h:form>

使用的是:

public class LoginBean {

    private String usuario;
    private String senha;

    public String submit() throws IOException, ServletException {
        ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
        RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()).getRequestDispatcher("/j_spring_security_check");
        dispatcher.forward((ServletRequest) context.getRequest(), (ServletResponse) context.getResponse());
        FacesContext.getCurrentInstance().responseComplete();
        return null;
    }

/*getters and setters here*/

}

最后,这是我的春季安全卷宗:

<http auto-config="true">
    <intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/**" access="ROLE_CADASTRADOR,ROLE_ADMINISTRADOR,ROLE_VENDEDOR,ROLE_BANCO"/>
    <form-login login-page="/login.xhtml"/>
    <session-management>
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    </session-management>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="daoAuthenticationProvider"/>
</authentication-manager>

<bean:bean id="daoAuthenticationProvider"
           class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"
           scope="singleton">
    <bean:property name="userDetailsService" ref="detalhadorDeUsuarios"/>
    <bean:property name="passwordEncoder" ref="passwordEncoder"/>
</bean:bean>

<bean:bean id="detalhadorDeUsuarios" class="com.hrgi.web.seguranca.DetalhadorDeUsuarios"
           scope="singleton">
    <bean:property name="recuperador" ref="funcionarioDao"/>
</bean:bean>

<bean:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"
           scope="singleton">
    <bean:constructor-arg name="strength" value="256"/>
</bean:bean>

<bean:bean id="loginBean" class="com.hrgi.web.seguranca.LoginBean" scope="request"/>


<bean:bean id="loggerListener"
      class="org.springframework.security.authentication.event.LoggerListener" />

Here is what I receive as response:

Answer 1

你们应该为不受限制的事物增加 j/ resource。

<intercept-url pattern="/**/*.css*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**/*.js*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

问题在于春天安全拦截了你要求用日志页面填写的js档案,并强制执行认证。当它转而处理最近限制的URL时,就你的情况而言是 j。

友情链接