Spring Boot 中如何区分公有页面和私有页面？

Question

我正在制作一个仅用于学习目的的 Spring Boot 应用程序。 在其中我有一个带有 URL 模式 /home, 的 home.jsp 页面 带有 URL 模式 /first 的 first.jsp 页面 以及类似的带有 URL 模式 /second 的 second.jsp 页面。

现在我想将/home 设为公共页面（所有人都可以访问）并希望使/first 和/second 安全。

我正在尝试的是：

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/home").permitAll()
            .anyRequest().authenticated();
}

http://localhost:8080/home 工作正常，但 http://localhost:8080/first 和 http://localhost:8080/second 出现以下错误：

白标错误页面

此应用程序没有显式映射 /error，因此您将其视为后备。

2019 年 9 月 4 日星期三 20:02:52 IST

出现意外错误（类型=禁止，状态=403）。 访问被拒绝

Answer 1

在这种情况下，实际需要的是“基于角色的身份验证”

@Configuration
@EnableAutoConfiguration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
DataSource dataSource;

@Override
 protected void configure(HttpSecurity http) throws 
 Exception 
 {
     http.authorizeRequests()
    .antMatchers("/first").hasRole("SECURE_USERS")
    .antMatchers("/second").hasRole("SECURE_USERS")
    .antMatchers("/","/home").permitAll().anyRequest().authenticated().and()
    .formLogin().loginPage("/login").permitAll().and().logout().permitAll();
     http.exceptionHandling().accessDeniedPage("/403");
}

@Autowired
 public void configAuthentication(AuthenticationManagerBuilder auth) throws 
 Exception 
{
     auth.jdbcAuthentication().dataSource(dataSource)
    .passwordEncoder(passwordEncoder())
    .usersByUsernameQuery("select username,password, enabled from users where username=?")
    .authoritiesByUsernameQuery("select username, role from user_roles where username=?");
}

 public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

}

用户：

@Entity
@Table(name = "users")
public class Users {

@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "users_id", nullable = false)
private Integer users_id;

@Column(name = "username", nullable = false, unique = true)
private String username;

@Column(name = "password")
@Transient
private String password;

public Integer getUsers_id() {
    return users_id;
}

public void setUsers_id(Integer users_id) {
    this.users_id = users_id;
}

public String getUsername() {
    return username;
}

public void setUsername(String username) {
    this.username = username;
}

public String getPassword() {
    return password;
}

public void setPassword(String password) {
    this.password = password;
}
}

用户角色：

@Entity
@Table(name = "user_roles", uniqueConstraints = 
@UniqueConstraint(columnNames = { "username", "role" }))
public class UserRoles {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "user_roles_fl_id", nullable = false)
private Integer user_roles_fl_id;

@Column(name = "username", nullable = false)
private String username;

@Column(name = "role")
private String role;

public Integer getUser_roles_fl_id() {
    return user_roles_fl_id;
}

public void setUser_roles_fl_id(Integer user_roles_fl_id) {
    this.user_roles_fl_id = user_roles_fl_id;
}

public String getUsername() {
    return username;
}

public void setUsername(String username) {
    this.username = username;
}

public String getRole() {
    return role;
}

public void setRole(String role) {
    this.role = role;
}

}