弹簧安全登录活动目录不能正常工作

Question

我写了一个使用Spring安全性的Spring bot web应用程序。我有两个由两个不同的人使用的链接。所以我分别为用户和管理员创建了三个活动目录组。我的问题是，其中一个组中的人员能够访问该应用程序，但其余两个组无法访问该应用程序。它表示未授权查看该页面。

我的登录配置是

@Configuration 
    @EnableWebMvcSecurity 
    @ComponentScan("com.books.controller") 
    public class LoginConfiguration extends WebSecurityConfigurerAdapter 
    { 
     @Override 
     protected void configure(HttpSecurity http) throws Exception 
     { 
      http 
      .authorizeRequests() 
      .antMatchers("/") 
      .hasAuthority("BookAdmin") 
      .and() 
      .authorizeRequests() 
      .antMatchers("/rentBook") 
      .hasAuthority("RentalBook") 
      .and() 
      .authorizeRequests() 
      .antMatchers("/buybook") 
      .hasAuthority("BuyBook") 
      .and()  
      .authorizeRequests() 
      .antMatchers("/rentBook") 
      .hasAuthority("BookAdmin") 
      .and() 
      .authorizeRequests() 
      .antMatchers("/buyBook") 
      .hasAuthority("BookAdmin") 
     and().authorizeRequests().and().formLogin().loginProcessingUrl("/login") 
      .and().logout().permitAll() 
      .and().csrf().disable() 
      ; 
      http.headers().frameOptions().disable(); 
     } 
     @Override 
     protected void configure(AuthenticationManagerBuilder auth) throws Exception 
     { 
      auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider()); 
     } 
     @Bean 
     public AuthenticationManager authenticationManager() { 
      return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider())); 
     } 
     @Bean 
     public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() { 
      ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("xxx.klc", "ldap://klcdc03"); 
      provider.setConvertSubErrorCodesToExceptions(true); 
      provider.setUseAuthenticationRequestCredentials(true); 
      return provider; 
     } 
    } 

请找我Controller类以下。它在我的本地机器上完美运行。但是，当部署在服务器中时，它仅适用于BookAdmin组。我没有这些群体中的任何属性中列出了所有的文件

package com.tgw.gift.info.controller; 

@Controller 
public class LoginController { 
    @RequestMapping("/") 
     public String home(Model model, Authentication principal) 
     { 
      Set<String> authorities=listAuthorties(principal); 

      if(authorities.contains("BookAdmin")) 
      { 
      return "index"; 
      } else { 
      return "fail"; 
      } 

     } 


    private Set<String> listAuthorties(Authentication principal) 
     { 
      Set<String> set = new HashSet<String>(); 

      for(GrantedAuthority s: principal.getAuthorities()){ 
      set.add(s.getAuthority()); 
      } 
      return set; 
     } 

    @RequestMapping("/buyBook") 
    public String printDetails(Model model, Authentication principal){ 
     Set<String> authorities=listAuthorties(principal); 

      if(authorities.contains("BuyBook")) 
      { 
       return "buyBook"; 
      } else if(authorities.contains("BookAdmin")){ 
       return "buyBook"; 
      } else{ 
       return "fail"; 
      } 
    } 

    @RequestMapping("/rentBook") 
    public String printDetails(Model model, Authentication principal){ 
     Set<String> authorities=listAuthorties(principal); 

      if(authorities.contains("RentalBook")) 
      { 
       return "rentBook"; 
      } else if(authorities.contains("RentalAdmin")){ 
       return "rentBook"; 
      } else{ 
       return "fail"; 
      } 
    } 
} 

also this works fine when run locally, but not in server. 

Answer 1

你只需要一个authorizeRequests和一个antmatcher每网址：

 http 
      .authorizeRequests() 
       .antMatchers("/").hasAuthority("BookAdmin") 
       .antMatchers("/rentBook").hasAnyAuthority("RentalBook", "BookAdmin") 
       .antMatchers("/buybook").hasAnyAuthority("BuyBook", "BookAdmin")