sec:authorize在spring security 3.2和jsf中不起作用

Question

sec:authorize在spring security 3.2和jsf中不起作用

当我在我的页面中放置这样的标签时:
用户和管理员还会在运行时显示？
xmlns:sec ="http://www.springframework.org/security/tags"
spring-security-taglibs-3.2.3.RELEASE
我有2个文件夹(管理员和用户)
也用use-expressions ="true"测试
了不是结果!
我使用了mysql
表(users和user_roles)......

<sec:authorize access="ROLE_ADMIN">
        <div> test Admin</div>
    </sec:authorize> 
    <sec:authorize access="ROLE_USER">
        <div> test User</div>
    </sec:authorize>
            or
  <sec:authorize  access="hasRole('ROLE_ADMIN')" >
        <h:outputText value="Admin"/>
    </sec:authorize> 
    <sec:authorize access="hasRole('ROLE_USER')" >
        <h:outputText value="User"/>
    </sec:authorize>

Run Code Online (Sandbox Code Playgroud)

security.xml文件

 <http auto-config="true" use-expressions="true"  >
        <intercept-url pattern="/Admin/*" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/user/*" access="hasRole('ROLE_USER')"/>
         ...
 </http>

Run Code Online (Sandbox Code Playgroud)

谢谢!

Answer 1

0x5*_*a4d 4

要使用 Spring Security Facelets 标记库，您需要创建一个 .taglib.xml 文件并将其注册到 web.xml 中。

使用以下内容创建文件 /WEB-INF/springsecurity.taglib.xml：

<?xml version="1.0"?>
<!DOCTYPE facelet-taglib PUBLIC
"-//Sun Microsystems, Inc.//DTD Facelet Taglib 1.0//EN"
"http://java.sun.com/dtd/facelet-taglib_1_0.dtd">
<facelet-taglib>
    <namespace>http://www.springframework.org/security/tags</namespace>
    <tag>
        <tag-name>authorize</tag-name>
        <handler-class>org.springframework.faces.security.FaceletsAuthorizeTagHandler</handler-class>
    </tag>
    <function>
        <function-name>areAllGranted</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean areAllGranted(java.lang.String)</function-signature>
    </function>
    <function>
        <function-name>areAnyGranted</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean areAnyGranted(java.lang.String)</function-signature>
    </function>
    <function>
        <function-name>areNotGranted</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean areNotGranted(java.lang.String)</function-signature>
    </function>
    <function>
        <function-name>isAllowed</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean isAllowed(java.lang.String, java.lang.String)</function-signature>
    </function>
</facelet-taglib>

Run Code Online (Sandbox Code Playgroud)

接下来，在web.xml中注册上述文件taglib：

<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>

Run Code Online (Sandbox Code Playgroud)

现在您可以在视图中使用标签库了。您可以使用授权标签有条件地包含嵌套内容：

<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:sec="http://www.springframework.org/security/tags">

    <sec:authorize ifAllGranted="ROLE_FOO, ROLE_BAR">
        Lorem ipsum dolor sit amet
    </sec:authorize>

    <sec:authorize ifNotGranted="ROLE_FOO, ROLE_BAR">
        Lorem ipsum dolor sit amet
    </sec:authorize>

    <sec:authorize ifAnyGranted="ROLE_FOO, ROLE_BAR">
        Lorem ipsum dolor sit amet
    </sec:authorize>

</ui:composition>

Run Code Online (Sandbox Code Playgroud)

您还可以在任何 JSF 组件的呈现属性或其他属性中使用多个 EL 函数之一：

<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:sec="http://www.springframework.org/security/tags">

    <!-- Rendered only if user has all of the listed roles -->
    <h:outputText value="Lorem ipsum dolor sit amet" rendered="#{sec:areAllGranted('ROLE_FOO, ROLE_BAR')}"/>

    <!-- Rendered only if user does not have any of the listed roles -->
    <h:outputText value="Lorem ipsum dolor sit amet" rendered="#{sec:areNotGranted('ROLE_FOO, ROLE_BAR')}"/>

    <!-- Rendered only if user has any of the listed roles -->
    <h:outputText value="Lorem ipsum dolor sit amet" rendered="#{sec:areAnyGranted('ROLE_FOO, ROLE_BAR')}"/>

    <!-- Rendered only if user has access to given HTTP method/URL as defined in Spring Security configuration -->
    <h:outputText value="Lorem ipsum dolor sit amet" rendered="#{sec:isAllowed('/secured/foo', 'POST')}"/>

</ui:composition>

Run Code Online (Sandbox Code Playgroud)

测试于：

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>3.2.3.RELEASE</version>
        </dependency>

Run Code Online (Sandbox Code Playgroud)

归档时间：	11 年，10 月前
查看次数：	3491 次
最近记录：	11 年，4 月前