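I have written a Spring Boot web application that uses Spring Security. I have two links that are used by two different people. So I created three Active Directory groups, for the users and the admin respectively. My problem is that the people in one of the groups are able to access the application, but the other two groups cannot. It says they are not authorized to view the page.

Spring Security login with Active Directory is not working properly

My login configuration is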
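
    import java.util.Arrays;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.ProviderManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    @Configuration
    @EnableWebMvcSecurity
    @ComponentScan("com.books.controller")
    public class LoginConfiguration extends WebSecurityConfigurerAdapter
    {
        // URL authorization rules, keyed on the authority names of the three AD groups
        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            http
                .authorizeRequests()
                .antMatchers("/")
                .hasAuthority("BookAdmin")
                .and()
                .authorizeRequests()
                .antMatchers("/rentBook")
                .hasAuthority("RentalBook")
                .and()
                .authorizeRequests()
                .antMatchers("/buybook")
                .hasAuthority("BuyBook")
                .and()
                .authorizeRequests()
                .antMatchers("/rentBook")
                .hasAuthority("BookAdmin")
                .and()
                .authorizeRequests()
                .antMatchers("/buyBook")
                .hasAuthority("BookAdmin")
                .and().authorizeRequests().and().formLogin().loginProcessingUrl("/login")
                .and().logout().permitAll()
                .and().csrf().disable()
                ;
            http.headers().frameOptions().disable();
        }

        // Register the Active Directory provider with the authentication manager builder
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception
        {
            auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
        }

        @Bean
        public AuthenticationManager authenticationManager() {
            return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
        }

        // Authenticates users against the AD domain and domain controller given here
        @Bean
        public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
            ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("xxx.klc", "ldap://klcdc03");
            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            return provider;
        }
    }
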
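Please find my Controller class below. It runs perfectly on my local machine. But when deployed on the server, it only works for the BookAdmin group. I do not have these groups listed in any properties file.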

    package com.tgw.gift.info.controller;

    import java.util.HashSet;
    import java.util.Set;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.RequestMapping;

    @Controller
    public class LoginController {

        // Landing page: only BookAdmin gets the index view
        @RequestMapping("/")
        public String home(Model model, Authentication principal)
        {
            Set<String> authorities = listAuthorties(principal);
            if (authorities.contains("BookAdmin"))
            {
                return "index";
            } else {
                return "fail";
            }
        }

        // Collects the authority names granted to the authenticated user
        private Set<String> listAuthorties(Authentication principal)
        {
            Set<String> set = new HashSet<String>();
            for (GrantedAuthority s : principal.getAuthorities()) {
                set.add(s.getAuthority());
            }
            return set;
        }

        // Buy page: BuyBook or BookAdmin
        @RequestMapping("/buyBook")
        public String printDetails(Model model, Authentication principal) {
            Set<String> authorities = listAuthorties(principal);
            if (authorities.contains("BuyBook"))
            {
                return "buyBook";
            } else if (authorities.contains("BookAdmin")) {
                return "buyBook";
            } else {
                return "fail";
            }
        }

        // Rent page: RentalBook or RentalAdmin
        @RequestMapping("/rentBook")
        public String printRentDetails(Model model, Authentication principal) {
            Set<String> authorities = listAuthorties(principal);
            if (authorities.contains("RentalBook"))
            {
                return "rentBook";
            } else if (authorities.contains("RentalAdmin")) {
                return "rentBook";
            } else {
                return "fail";
            }
        }
    }

Also, this works fine when run locally, but not on the server.
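Welcome to Stack Overflow. I have fixed a few typos. I also removed the leading spaces in the description to stop it looking like code. I bolded some keywords with 2 asterisks. Please explain what you mean by "it does not work for the non-BookAdmin groups"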
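
For the login configuration in the question above, this added example (not the poster's code, and not a confirmed fix for the behaviour described) declares each URL pattern once and lists every permitted group in that single rule with `hasAnyAuthority`, so the result does not depend on how repeated or differently cased patterns are resolved. The class name, the `anyRequest().authenticated()` fallback and the reading of which group may reach which URL are assumptions; the question's CSRF and frame-options settings are not repeated here.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

// Added example: hypothetical class name, same adapter-based style as the question.
@Configuration
@EnableWebSecurity
public class SingleRulePerPathConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // One rule per pattern; every group allowed on that URL is named in it.
                .antMatchers("/rentBook").hasAnyAuthority("RentalBook", "BookAdmin")
                .antMatchers("/buyBook").hasAnyAuthority("BuyBook", "BookAdmin")
                // The landing page stays restricted to the admin group, as in the question.
                .antMatchers("/").hasAuthority("BookAdmin")
                // Assumption: any URL not listed above still requires a logged-in user.
                .anyRequest().authenticated()
                .and()
            .formLogin().loginProcessingUrl("/login")
                .and()
            .logout().permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }

    @Bean
    public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        // Domain and server URL exactly as given in the question.
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider("xxx.klc", "ldap://klcdc03");
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        return provider;
    }
}
```

The strings passed to `hasAnyAuthority` must equal the authority names the provider returns for the account, which the controller's `listAuthorties` helper already collects and can be logged on the server for comparison.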