spring 安全标签库 sec:authorize url 不工作
spring security tag library sec:authorize url not working
在我的 spring 引导项目中,我使用 spring 安全标记库。
当我以具有 ROLE_USER 角色的用户身份登录时,根据我下面的配置,它应该不会显示在管理区域中。
<sec:authorize url="/admin/**">
<p>This is shown who has a role ADMIN</p>
</sec:authorize>
这部分。
但它不起作用。
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h2>Welcome Home <sec:authentication property="name"/></h2>
<h3>roles : <sec:authentication property="principal.authorities"/></h2>
<sec:authorize access="hasRole('ADMIN')">
<p>This is shown who has a role ADMIN</p>
</sec:authorize>
<sec:authorize access="hasRole('USER')">
<p>This is shown who has a role USER</p>
</sec:authorize>
<sec:authorize access="hasRole('TESTER')">
<p>This is shown who has a role TESTER</p>
</sec:authorize>
<sec:authorize url="/admin/**">
<p>This is shown whom can access to /admin/**</p>
</sec:authorize>
<sec:authorize url="/user/**">
<p>This is shown whom can access to /user/**</p>
</sec:authorize>
<sec:authorize url="/tester/**">
<p>This is shown whom can access to /tester/**</p>
</sec:authorize>
<form action="/logout" method="post">
<input type="submit" value="Sign Out"/>
</form>
</body>
</html>
[查看][1]
我已经尝试了 Whosebug 中关于这个问题的所有答案,但我仍然无法解决这个问题。
已经有 2 周多的时间试图解决这个问题。
当我使用 thymeleaf 相同的 java 配置进行测试时,它起作用了。但不适用于 jsp.
这是我的设置
java spring 安全配置
请帮我解决这个问题。
@Configuration
@EnableWebSecurity
public class WebSecurity {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.expressionHandler(expressionHandler())
.antMatchers("/", "/home", "/test").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/user/**").hasAnyRole("USER")
.antMatchers("/tester/**").hasAnyRole("TESTER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public RoleHierarchyImpl roleHierarchy() {
RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
String hierarchy ="ROLE_ADMIN > ROLE_USER and ROLE_USER > ROLE_TESTER";
roleHierarchy.setHierarchy(hierarchy);
return roleHierarchy;
}
// create two users, admin and user
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("tester").password("{noop}tester").roles("TESTER")
.and()
.withUser("admin").password("{noop}admin").roles("ADMIN");
}
private SecurityExpressionHandler<FilterInvocation> expressionHandler() {
DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy());
return defaultWebSecurityExpressionHandler;
}
}
build.gradle
buildscript {
ext {
springBootVersion = '2.0.2.RELEASE'
}
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
}
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
group = 'com.bulky'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8
repositories {
mavenCentral()
}
dependencies {
compile('org.springframework.boot:spring-boot-starter-web')
testCompile('org.springframework.boot:spring-boot-starter-test')
// tag::security[]
compile("org.springframework.boot:spring-boot-starter-security")
compile 'org.springframework.security:spring-security-taglibs:5.0.5.RELEASE'
// end::security[]
compile 'javax.servlet:jstl:1.2'
compile 'org.apache.tomcat.embed:tomcat-embed-jasper:9.0.0.M18'
}
ps: 抱歉英语不好
除了没有扩展 WebSecurityConfigurerAdapter 的 WebSecurity class 之外,您的所有安全配置都是正确的。我认为您需要首先扩展 class 以确保覆盖 配置方法 :
@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//Your Code here
}
在我的 spring 引导项目中,我使用 spring 安全标记库。 当我以具有 ROLE_USER 角色的用户身份登录时,根据我下面的配置,它应该不会显示在管理区域中。
<sec:authorize url="/admin/**">
<p>This is shown who has a role ADMIN</p>
</sec:authorize>
这部分。
但它不起作用。
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h2>Welcome Home <sec:authentication property="name"/></h2>
<h3>roles : <sec:authentication property="principal.authorities"/></h2>
<sec:authorize access="hasRole('ADMIN')">
<p>This is shown who has a role ADMIN</p>
</sec:authorize>
<sec:authorize access="hasRole('USER')">
<p>This is shown who has a role USER</p>
</sec:authorize>
<sec:authorize access="hasRole('TESTER')">
<p>This is shown who has a role TESTER</p>
</sec:authorize>
<sec:authorize url="/admin/**">
<p>This is shown whom can access to /admin/**</p>
</sec:authorize>
<sec:authorize url="/user/**">
<p>This is shown whom can access to /user/**</p>
</sec:authorize>
<sec:authorize url="/tester/**">
<p>This is shown whom can access to /tester/**</p>
</sec:authorize>
<form action="/logout" method="post">
<input type="submit" value="Sign Out"/>
</form>
</body>
</html>
[查看][1]
我已经尝试了 Whosebug 中关于这个问题的所有答案,但我仍然无法解决这个问题。 已经有 2 周多的时间试图解决这个问题。 当我使用 thymeleaf 相同的 java 配置进行测试时,它起作用了。但不适用于 jsp.
这是我的设置 java spring 安全配置
请帮我解决这个问题。
@Configuration
@EnableWebSecurity
public class WebSecurity {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.expressionHandler(expressionHandler())
.antMatchers("/", "/home", "/test").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/user/**").hasAnyRole("USER")
.antMatchers("/tester/**").hasAnyRole("TESTER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public RoleHierarchyImpl roleHierarchy() {
RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
String hierarchy ="ROLE_ADMIN > ROLE_USER and ROLE_USER > ROLE_TESTER";
roleHierarchy.setHierarchy(hierarchy);
return roleHierarchy;
}
// create two users, admin and user
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("tester").password("{noop}tester").roles("TESTER")
.and()
.withUser("admin").password("{noop}admin").roles("ADMIN");
}
private SecurityExpressionHandler<FilterInvocation> expressionHandler() {
DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy());
return defaultWebSecurityExpressionHandler;
}
}
build.gradle
buildscript {
ext {
springBootVersion = '2.0.2.RELEASE'
}
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
}
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
group = 'com.bulky'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8
repositories {
mavenCentral()
}
dependencies {
compile('org.springframework.boot:spring-boot-starter-web')
testCompile('org.springframework.boot:spring-boot-starter-test')
// tag::security[]
compile("org.springframework.boot:spring-boot-starter-security")
compile 'org.springframework.security:spring-security-taglibs:5.0.5.RELEASE'
// end::security[]
compile 'javax.servlet:jstl:1.2'
compile 'org.apache.tomcat.embed:tomcat-embed-jasper:9.0.0.M18'
}
ps: 抱歉英语不好
除了没有扩展 WebSecurityConfigurerAdapter 的 WebSecurity class 之外,您的所有安全配置都是正确的。我认为您需要首先扩展 class 以确保覆盖 配置方法 :
@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//Your Code here
}