如何为用户和管理员角色的不同主页配置spring引导安全性,并为管理员和用户配置单独的控制器

rur96b6h  于 2021-09-29  发布在  Java
关注(0)|答案(1)|浏览(220)

我正在从事SpringBoot(版本2.5.2)项目。我已经用thymeleaf对登录页面进行了安全配置。我有一个主控制器用于登录页面和关于页面。当用户单击登录页面时,我希望用户根据各自的角色从主控制器移动到管理控制器或用户控制器URL。
我在主控制器中设置了defaultsuccessurl,我检查了用户角色,并尝试根据他的角色将用户重定向到其各自的控制器。但是,url显示在浏览器中,但管理员或用户控制器不响应此url,也不显示任何主页。
我尝试了成功处理程序,他们的我尝试了响应。但重定向(url)无法成功。如果你们能帮我,我会非常感激的。
请注意,admin和user thymeleaf模板页位于admin和user文件夹中。

package com.vu.wcms.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders
.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

导入org.springframework.security.config.annotation.web.configuration.websecurityConfigureAdapter;导入org.springframework.security.core.userdetails.userdetails服务;导入org.springframework.security.crypto.bcrypt.bcryptpasswordencoder;

@Configuration
@EnableWebSecurity
public class MyConfig extends WebSecurityConfigurerAdapter {

@Bean
public UserDetailsService getUserDetailsService() {
    return new UserDetailsServiceImpl();
}

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

@Bean
public DaoAuthenticationProvider authenticationProvider() {
    DaoAuthenticationProvider dao = new DaoAuthenticationProvider();

    dao.setUserDetailsService(getUserDetailsService());
    dao.setPasswordEncoder(passwordEncoder());

    return dao;
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProvider());
}

@Override
protected void configure(HttpSecurity http) throws Exception {
   http.authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .antMatchers("/user/**").hasRole("USER")
        .antMatchers("/**").permitAll()
        .and().formLogin()
        .loginPage("/")
        .loginProcessingUrl("/doLogin")
        .defaultSuccessUrl("/successHandler")
        .and().csrf().disable();     
}

}

 @GetMapping("/successHandler")
  public String defaultAfterLogin(Authentication authentication) {
   CustomUserDetails userDetails = (CustomUserDetails) authentication.getPrincipal();

   String url = "";
   if (userDetails.hasRole("ADMIN")) {
     url = "redirect:/admin/home";
     // return new ModelAndView("redirect:/admin/home");
 } else if (userDetails.hasRole("USER")) {
     url = "redirect:/user/home";
 }

 // return new ModelAndView("redirect:/user/home");

  return url;

}

@Controller
@RequestMapping("/admin")
public class AdminController {

@GetMapping("/home")
public String home(Model model) {
     System.out.println("in admin cotnroller");
     model.addAttribute("title", "Admin Home");

     return "admin/home";
 }

}

@Controller
@RequestMapping("/user")
public class UserController {

@GetMapping("/home")
public String home(Model model) {
    System.out.println("in user cotnroller");
    model.addAttribute("title", "User Home");

    return "user/home";
}
brc7rcf0

brc7rcf01#

我找到了这个问题的答案。问题出现在下面的代码中。

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .authorizeRequests()
        .antMatchers("/admin/**").hasAnyAuthority("ADMIN")
        .antMatchers("/user/**").hasAnyAuthority("USER")
        .antMatchers("/**").permitAll()
        .and().formLogin().loginPage("/").loginProcessingUrl("/doLogin")
        .successHandler(customAuthenticationSuccessHandler)
        .and().logout().permitAll();
}

  > I was writing hasRole("ADMIN"), but problem solved when i wrote 
   hasAnyAuthority("ADMIN")

相关问题