两个登录页面,但春季应用程序错误的重定向

时间:2016-02-29 09:58:19

标签: spring http spring-security

我试图在我的应用程序上创建其他登录页面。 第二个是正常工作,但我刚刚添加的第一个没有正确捕获URL并且没有重定向到好页面。
始终使用第二个HTTP配置。

<security:http pattern="/vcrequest/**" use-expressions="true" realm="NETMG Spring Security" authentication-manager-ref="authenticationManager">
     <security:logout logout-url="/resources/j_spring_security_logout" />

     <security:form-login
        login-processing-url="/resources/j_spring_security_check"
        login-page="/vcrequest/view/loginVCR"
        default-target-url="/vcrequest/controller/vcrequest/my-request"
        authentication-failure-url="/vcrequest/view/loginVCR?login_error=t" />

     <security:intercept-url pattern="/vcrequest/view/loginVCR" access="permitAll" />   
     <security:intercept-url pattern="/vcrequest/**" access="isAuthenticated()" />
     <security:http-basic/>
 </security:http>

<security:http use-expressions="true" realm="NETMG Spring Security" authentication-manager-ref="authenticationManager">
    <security:session-management session-fixation-protection="newSession"/>
    <security:logout logout-url="/resources/j_spring_security_logout" />

     <security:form-login
        login-processing-url="/resources/j_spring_security_check"
        login-page="/view/login"
        default-target-url="/view/home#agregateShowMode=site"
        authentication-failure-url="/view/login?login_error=t" />

    <security:intercept-url pattern="/controller/users/**" access="hasRole('ROLE_ADD_USERS')" />
    <security:intercept-url pattern="/controller/export/**" access="hasRole('ROLE_EXPORT')" />
    <security:intercept-url pattern="/controller/stocks/**" access="hasRole('ROLE_STOCKS')" />
    <security:intercept-url pattern="/controller/home/site/edit/**" access="hasAnyRole('ROLE_EDIT_SITE')" />
    <security:intercept-url pattern="/controller/home/site/create*" access="hasRole('ROLE_ADD_SITE')" />
    <security:intercept-url pattern="/controller/home/site/save*" access="hasAnyRole('ROLE_EDIT_SITE')" />
    <security:intercept-url pattern="/controller/home/site/change*" access="hasRole('ROLE_CLOSE_SITE')" />

    <security:intercept-url pattern="/controller/home/service/add/**" access="hasRole('ROLE_ADD_SERVICE')" />
    <security:intercept-url pattern="/controller/home/service/add*" access="hasRole('ROLE_ADD_SERVICE')" />
    <security:intercept-url pattern="/controller/home/service/link/**" access="hasRole('ROLE_LINK_SERVICE')" />
    <security:intercept-url pattern="/controller/home/service/edit/**" access="hasAnyRole('ROLE_EDIT_SERVICE')" />
    <security:intercept-url pattern="/controller/home/service/save/**" access="hasAnyRole('ROLE_EDIT_SERVICE')" />
    <security:intercept-url pattern="/controller/home/service/close/**" access="hasRole('ROLE_CLOSE_SERVICE')" />

    <security:intercept-url pattern="/controller/home/link/add/**" access="hasAnyRole('ROLE_ADD_LINK', 'ROLE_ADD_LINK_FOR_REQUEST')" />
    <security:intercept-url pattern="/controller/home/link/link*" access="hasRole('ROLE_ADD_LINK')" />
    <security:intercept-url pattern="/controller/home/link/edit/**" access="hasAnyRole('ROLE_EDIT_LINK')" />
    <security:intercept-url pattern="/controller/home/link/save/**" access="hasAnyRole('ROLE_EDIT_LINK')" />
    <security:intercept-url pattern="/controller/home/link/close/**" access="hasRole('ROLE_CLOSE_LINK')" />


    <security:intercept-url pattern="/controller/home/device/add/**" access="hasAnyRole('ROLE_ADD_DEVICE', 'ROLE_ADD_DEVICE_FOR_REQUEST')" />
    <security:intercept-url pattern="/controller/home/device/link/**" access="hasRole('ROLE_LINK_DEVICE')" />
    <security:intercept-url pattern="/controller/home/device/link*" access="hasRole('ROLE_LINK_DEVICE')" />
    <security:intercept-url pattern="/controller/home/device/edit/**" access="hasAnyRole('ROLE_EDIT_DEVICE')" />
    <security:intercept-url pattern="/controller/home/device/save/**" access="hasAnyRole('ROLE_EDIT_DEVICE')" />
    <security:intercept-url pattern="/controller/home/device/close/**" access="hasRole('ROLE_CLOSE_DEVICE')" />

    <security:intercept-url pattern="/pages/private/**" access="isAuthenticated()" />

    <!-- URLs not secured -->
    <security:intercept-url pattern="/resources/**" access="permitAll" />
    <security:intercept-url pattern="/css/**" access="permitAll" />
    <security:intercept-url pattern="/img/**" access="permitAll" />
    <security:intercept-url pattern="/js/**" access="permitAll" />
    <security:intercept-url pattern="/view/login" access="permitAll" />
    <security:intercept-url pattern="/view/loginVCR" access="permitAll" />
    <security:intercept-url pattern="/jamon/**" access="permitAll" />
    <security:intercept-url pattern="/view/js-dynamic/**" access="permitAll" />

    <!-- All others URLs need at least that the user is authenticated -->
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>

我使用以下帖子但没有成功: Two realms in same application with Spring Security? 有谁知道如何解决这个问题?

1 个答案:

答案 0 :(得分:0)

在这两个领域中使用相同的login-processing-url可能会遇到麻烦。您是否尝试将第一个域login-processing-url更改为另一个映射,例如:

<security:form-login
        login-processing-url="/anotherresource/j_spring_security_check"

注意:如果您将此参数设置为第一个域匹配模式,则为

/vcrequest/j_spring_security_check

请记住使用

在安全领域绕过它 
<security:intercept-url pattern="/vcrequest/j_spring_security_check"` access="permitAll" />
相关问题
最新问题