1

我正在构建一个提供 2 个登录表单的项目,一个用于member,另一个用于agent,它们都不同,因此我有 2 个表(memberagent)。我想为它们制作具有不同映射的登录表单。/pages/agent是 的形式agent/index.html项目的)是member/pages是我的调度员。我尝试了很多方法都没有成功。

这是我的安全上下文:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http pattern="/pages/*" authentication-manager-ref="agentAuth">
    <intercept-url pattern="/pages/agentprofile*" access="ROLE_AGENT" />
    <form-login login-page="/pages/agent" default-target-url="/pages/agentprofile" />
    <logout logout-success-url="/pages/logout" logout-url="/pages/j_spring_security_logout" delete-cookies="JSESSIONID" />
</http>

<authentication-manager alias="agentAuth" id="agentAuth">
    <authentication-provider >
        <password-encoder hash="md5" />
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username, password, enable from agent where USERNAME=?"

            authorities-by-username-query="select a.username, r.namaRole from agent a, role r where r.idRole = a.idRole and a.username = ?" />

    </authentication-provider>
</authentication-manager>

<http authentication-manager-ref="memberAuth">
    <intercept-url pattern="/pages/member*" access="ROLE_USER" />
    <intercept-url pattern="/pages/myorder*" access="ROLE_USER" />
    <intercept-url pattern="/pages/voucherbelanja*" access="ROLE_USER" />
    <intercept-url pattern="/pages/rewardpoint*" access="ROLE_USER" />
    <intercept-url pattern="/pages/myreview*" access="ROLE_USER" />
    <intercept-url pattern="/pages/voucherhotel*" access="ROLE_USER" />
    <form-login login-page="/" default-target-url="/pages/member"
        authentication-failure-url="/pages/loginfailed" />
    <form-login login-page="/pages/loginfailed"
        default-target-url="/pages/member" authentication-failure-url="/pages/loginfailed"
        authentication-success-handler-ref="loginSucessHandler" />
    <logout logout-success-url="/pages/logout" logout-url="/pages/j_spring_security_logout"  delete-cookies="JSESSIONID"/>
</http>

<authentication-manager alias="memberAuth" id="memberAuth">
    <authentication-provider>
        <password-encoder hash="md5" />
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username, password, enable from member where USERNAME=?"

            authorities-by-username-query="select m.username, r.namaRole from member m, role r where r.idRole = m.idRole and m.username = ?" />

    </authentication-provider>
</authentication-manager>

<beans:bean id="loginSuccessHandler" class="com.klik.service.LoginSuccessHandler" />

这是我在 web.xml 中的 spring 安全过滤器:

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>   
    <url-pattern>/pages/*</url-pattern> 
</filter-mapping>
4

1 回答 1

0

我也在尝试做类似的事情但失败了。所以我用谷歌搜索了这篇文章。

你怎么了?你得到什么样的错误?

从您的配置来看,我认为可能存在一些问题:

1)你先配置,<http pattern="/pages/*" 它会匹配所有以'pages'开头的url,然后成员url不能工作。

2)在您的第二个配置中,有 2 个登录表单。

3)在两个配置中,您都有相同的注销 url。合适吗?我的意思是,spring security 如何决定哪个领域将注销?

于 2014-03-25T14:48:33.593 回答