我试图在我的应用程序上创建其他登录页面。
第二个是正常工作,但我刚刚添加的第一个没有正确捕获URL并且没有重定向到好页面。
始终使用第二个HTTP配置。
<security:http pattern="/vcrequest/**" use-expressions="true" realm="NETMG Spring Security" authentication-manager-ref="authenticationManager">
<security:logout logout-url="/resources/j_spring_security_logout" />
<security:form-login
login-processing-url="/resources/j_spring_security_check"
login-page="/vcrequest/view/loginVCR"
default-target-url="/vcrequest/controller/vcrequest/my-request"
authentication-failure-url="/vcrequest/view/loginVCR?login_error=t" />
<security:intercept-url pattern="/vcrequest/view/loginVCR" access="permitAll" />
<security:intercept-url pattern="/vcrequest/**" access="isAuthenticated()" />
<security:http-basic/>
</security:http>
<security:http use-expressions="true" realm="NETMG Spring Security" authentication-manager-ref="authenticationManager">
<security:session-management session-fixation-protection="newSession"/>
<security:logout logout-url="/resources/j_spring_security_logout" />
<security:form-login
login-processing-url="/resources/j_spring_security_check"
login-page="/view/login"
default-target-url="/view/home#agregateShowMode=site"
authentication-failure-url="/view/login?login_error=t" />
<security:intercept-url pattern="/controller/users/**" access="hasRole('ROLE_ADD_USERS')" />
<security:intercept-url pattern="/controller/export/**" access="hasRole('ROLE_EXPORT')" />
<security:intercept-url pattern="/controller/stocks/**" access="hasRole('ROLE_STOCKS')" />
<security:intercept-url pattern="/controller/home/site/edit/**" access="hasAnyRole('ROLE_EDIT_SITE')" />
<security:intercept-url pattern="/controller/home/site/create*" access="hasRole('ROLE_ADD_SITE')" />
<security:intercept-url pattern="/controller/home/site/save*" access="hasAnyRole('ROLE_EDIT_SITE')" />
<security:intercept-url pattern="/controller/home/site/change*" access="hasRole('ROLE_CLOSE_SITE')" />
<security:intercept-url pattern="/controller/home/service/add/**" access="hasRole('ROLE_ADD_SERVICE')" />
<security:intercept-url pattern="/controller/home/service/add*" access="hasRole('ROLE_ADD_SERVICE')" />
<security:intercept-url pattern="/controller/home/service/link/**" access="hasRole('ROLE_LINK_SERVICE')" />
<security:intercept-url pattern="/controller/home/service/edit/**" access="hasAnyRole('ROLE_EDIT_SERVICE')" />
<security:intercept-url pattern="/controller/home/service/save/**" access="hasAnyRole('ROLE_EDIT_SERVICE')" />
<security:intercept-url pattern="/controller/home/service/close/**" access="hasRole('ROLE_CLOSE_SERVICE')" />
<security:intercept-url pattern="/controller/home/link/add/**" access="hasAnyRole('ROLE_ADD_LINK', 'ROLE_ADD_LINK_FOR_REQUEST')" />
<security:intercept-url pattern="/controller/home/link/link*" access="hasRole('ROLE_ADD_LINK')" />
<security:intercept-url pattern="/controller/home/link/edit/**" access="hasAnyRole('ROLE_EDIT_LINK')" />
<security:intercept-url pattern="/controller/home/link/save/**" access="hasAnyRole('ROLE_EDIT_LINK')" />
<security:intercept-url pattern="/controller/home/link/close/**" access="hasRole('ROLE_CLOSE_LINK')" />
<security:intercept-url pattern="/controller/home/device/add/**" access="hasAnyRole('ROLE_ADD_DEVICE', 'ROLE_ADD_DEVICE_FOR_REQUEST')" />
<security:intercept-url pattern="/controller/home/device/link/**" access="hasRole('ROLE_LINK_DEVICE')" />
<security:intercept-url pattern="/controller/home/device/link*" access="hasRole('ROLE_LINK_DEVICE')" />
<security:intercept-url pattern="/controller/home/device/edit/**" access="hasAnyRole('ROLE_EDIT_DEVICE')" />
<security:intercept-url pattern="/controller/home/device/save/**" access="hasAnyRole('ROLE_EDIT_DEVICE')" />
<security:intercept-url pattern="/controller/home/device/close/**" access="hasRole('ROLE_CLOSE_DEVICE')" />
<security:intercept-url pattern="/pages/private/**" access="isAuthenticated()" />
<!-- URLs not secured -->
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/css/**" access="permitAll" />
<security:intercept-url pattern="/img/**" access="permitAll" />
<security:intercept-url pattern="/js/**" access="permitAll" />
<security:intercept-url pattern="/view/login" access="permitAll" />
<security:intercept-url pattern="/view/loginVCR" access="permitAll" />
<security:intercept-url pattern="/jamon/**" access="permitAll" />
<security:intercept-url pattern="/view/js-dynamic/**" access="permitAll" />
<!-- All others URLs need at least that the user is authenticated -->
<security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>
我使用以下帖子但没有成功: Two realms in same application with Spring Security? 有谁知道如何解决这个问题?
答案 0 :(得分:0)
在这两个领域中使用相同的login-processing-url可能会遇到麻烦。您是否尝试将第一个域login-processing-url更改为另一个映射,例如:
<security:form-login
login-processing-url="/anotherresource/j_spring_security_check"
注意:如果您将此参数设置为第一个域匹配模式,则为
/vcrequest/j_spring_security_check
请记住使用
在安全领域绕过它<security:intercept-url pattern="/vcrequest/j_spring_security_check"` access="permitAll" />