开发者

Spring Security - How can I specify anonymous role to root page

The default URL for my web app is http://localhost:8080/Icd/

I want to display my custom login page which is /index.jsp.

However , when开发者_开发知识库 I configure the spring security to do so , I am getting too many redirects problem . Below the code present in the security.xml file .

Let me know if I am missing something .

<security:http auto-config="true" >

      <security:intercept-url pattern="/" access="ROLE_ANONYMOUS" />
     <security:intercept-url pattern="/*" access="ROLE_USER" />
     <security:form-login login-page="/index.jsp" />
</security:http>
<security:authentication-provider>
    <security:user-service>
        <security:user name="david" password="david" authorities="ROLE_USER,ROLE_ADMIN" />
        <security:user name="alex" password="alex" authorities="ROLE_USER" />
    </security:user-service>
</security:authentication-provider>


When you put

<security:intercept-url pattern="/*" access="ROLE_USER" />

you're saying that every page requires ROLE_USER to be accessed (which includes the login page itself)

This (untested) may do the trick:

<security:intercept-url pattern="/index.jsp" access="permitAll"/>
<security:intercept-url pattern="/*" access="ROLE_USER" />


Try specifying your configuration like the following:

 <security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >

  <security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
  <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
  <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>

  <security:form-login
    login-page="/krams/auth/login"
    authentication-failure-url="/krams/auth/login?error=true"
    default-target-url="/krams/main/common"/>

  <security:logout
    invalidate-session="true"
    logout-success-url="/krams/auth/login"
    logout-url="/krams/auth/logout"/>

 </security:http>

This one uses a custom login page. For more info, you can check the full application at http://krams915.blogspot.com/2010/12/spring-security-3-mvc-using-simple-user.html

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜