0
저는 봄 보안에 익숙하지 않습니다. 나는 Admin과 Common Users와 같은 두 가지 사용자 역할을 가지고 있습니다. 내가 관리 사용자에 의해 일부 JSP로만 액세스 할 수 있지만 문제는 일단 그/그녀는 여전히 봄 보안 구성에 제한을 둔 JSP로 페이지에 액세스 할 수 있습니다 로그 아웃입니다. 스프링 보안 사용자 역할 및 액세스 jsp
날 내가 여기서 뭘하고하면이 올바른지 여부를 알려주십시오? 는spring_security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/user/**" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<beans:bean id="customUserDetailsService"
class="com.nikunj.javabrains.services.CustomUserDetailsService"></beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
</authentication-provider>
</authentication-manager>
// ------------------------------ 컨트롤러 주셔서 감사합니다
package com.nikunj.javabrains.controller;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.nikunj.javabrains.domain.User;
import com.nikunj.javabrains.services.UserService;
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value = "/welcome", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal,
HttpServletRequest request) {
String name = principal.getName(); // get logged in username
model.addAttribute("username", name);
model.addAttribute("message",
"Spring Security login + database example");
if (request.isUserInRole("ROLE_ADMIN")) {
return "admin_page";
}
return "common_page";
}
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login";
}
@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
return "login";
}
@RequestMapping("/regiPage")
public String regiPage(@ModelAttribute("user") User user,
BindingResult result) {
return "registration";
}
@RequestMapping(value = "/saveUser", method = RequestMethod.POST)
public String saveUserData(@ModelAttribute("user") User user,
BindingResult result) {
userService.addUser(user);
return "login";
}
}
</beans:beans>
// ------------------------
CustomServiceClass
import com.nikunj.javabrains.dao.UserDao;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@Service
@Transactional(readOnly=true)
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private UserDao userDAO;
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
com.nikunj.javabrains.domain.User domainUser = userDAO.getUser(username);
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
System.out.println("*************************************");
System.out.println(domainUser.getId());
return new User(
domainUser.getUsername(),
domainUser.getPassword(),
enabled,
accountNonExpired,
credentialsNonExpired,
accountNonLocked,
getAuthorities(domainUser.getId())
);
}
public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
return authList;
}
public List<String> getRoles(Integer role) {
List<String> roles = new ArrayList<String>();
if (role.intValue() == 1) {
roles.add("ROLE_ADMIN");
} else {
roles.add("ROLE_USER");
}
return roles;
}
public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
}
// ---------------------------
@Controller
public class AdminController {
@Autowired
private UserService userService;
@RequestMapping(value = "/admininput", method = RequestMethod.GET)
public String login(ModelMap model) {
System.out.println("*************************");
return "admininputpage";
}
}
어떻게 테스트하나요? 처음에는 (심지어 로그인되기도 전에) 사용자가 로그인해야합니까? 사용자가 로그 아웃을 클릭하거나 선택할 때 어떤 URL을 호출합니까? : 아웃 및 로그인을위한 URL –
난 " > Logout 등을 사용하고있다. – Nik
그리고 사용자가 여전히 페이지에 액세스 할 수 있는지 테스트하는 방법은 무엇입니까? –