Answer the question
In order to leave comments, you need to log in
B
B
Bruce Parker2019-06-12 06:41:43
Bruce Parker, 2019-06-12 06:41:43
How to make correct access rights to all users?
I have access rights to all pages only for the admin (only the login page can be visited by all users). So I want all users to be able to visit the "allStudents.jsp" page too. I correctly wrote the code for access rights? And how can I make sure that allStudents is the main page and immediately pops up when I start the project, it's just that now the authorization page comes out first
Security Config
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("{noop}1234").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().access("hasRole('ROLE_ADMIN')")
.and()
.authorizeRequests().antMatchers("/login**").permitAll()
.and()
.authorizeRequests().antMatchers("/allStudents**").permitAll()
.and()
.formLogin().loginPage("/login").loginProcessingUrl("/loginAction").permitAll()
.and()
.logout().logoutSuccessUrl("/login").permitAll()
.and()
.csrf().disable();
}
}AuthorizationController
package adil.java.schoolmaven.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class AuthorizationController {
@RequestMapping(value = "/admin", method = RequestMethod.GET)
public ModelAndView adminPage() {
ModelAndView m = new ModelAndView();
m.addObject("title", "Successfully logged in");
m.addObject("message", "home");
m.setViewName("admin");
return new ModelAndView("redirect: allStudents");
}
}Student Controller
@Controller
public class StudentController {
@Autowired
private ServletContext servletContext;
// Constructor based Dependency Injection
private StudentService studentService;
public StudentController() {
}
@Autowired
public StudentController(StudentService studentService) {
this.studentService = studentService;
}
@RequestMapping(value = "/allStudents", method = {RequestMethod.GET, RequestMethod.POST})
public ModelAndView displayAllUser() {
System.out.println("User Page Requested : All Students");
ModelAndView mv = new ModelAndView();
List<Student> studentList = studentService.getAllStudents();
mv.addObject("studentList", studentList);
mv.setViewName("allStudents");
return mv;
}
@RequestMapping(value = "/addStudent", method = RequestMethod.GET)
public ModelAndView displayNewUserForm() {
ModelAndView mv = new ModelAndView("addStudent");
mv.addObject("headerMessage", "Add Student Details");
mv.addObject("student", new Student());
return mv;
}
@PostMapping(value = "/addStudent")
public String saveNewStudent(@RequestParam("name") @NonNull String name,
@RequestParam("surname") @NonNull String surname,
@RequestParam("avatar") MultipartFile file)
throws IOException {
Student student = new Student();
student.setSurname(surname);
student.setName(name);
if (file != null && !file.isEmpty()) {
student.setAvatar(studentService.saveAvatarImage(file).getName());
}
studentService.saveStudent(student);
return "redirect:/allStudents";
}
@GetMapping(value = "/editStudent/{id}")
public ModelAndView displayEditUserForm(@PathVariable Long id) {
ModelAndView mv = new ModelAndView("editStudent");
Student student = studentService.getStudentById(id);
mv.addObject("headerMessage", "Редактирование студента");
mv.addObject("student", student);
return mv;
}
@PostMapping(value = "/editStudent")
public String saveEditedUser(
@RequestParam("id") Long id,
@RequestParam("name") String name,
@RequestParam("surname") String surname,
@RequestParam("avatar") MultipartFile file) {
try {
studentService.updateStudent(name, surname, file, studentService.getStudentById(id));
} catch (FileSystemException ex) {
ex.printStackTrace();
} catch (IOException e) {
return "redirect:/error";
}
return "redirect:/allStudents";
}
@GetMapping(value = "/deleteStudent/{id}")
public ModelAndView deleteUserById(@PathVariable Long id) {
studentService.deleteStudentById(id);
ModelAndView mv = new ModelAndView("redirect:/allStudents");
return mv;
}
} 1 answer(s)
Hasanly @azerphoenix
this is due to the fact that the url /allStudents is not allowed for you, most likely, therefore, the login page opens for you.
If you want the /allStudents page to open when opening the site, then you need to:
simple example. Well, or you can, when accessing the url / return the template that you return with / allStudents
O
Orkhan, 2019-06-12 Hasanly @azerphoenix
I just now the authorization page comes out first
this is due to the fact that the url /allStudents is not allowed for you, most likely, therefore, the login page opens for you.
If you want the /allStudents page to open when opening the site, then you need to:
@GetMapping("/")
public String homePage() {
return "redirect:/allStudents";
}simple example. Well, or you can, when accessing the url / return the template that you return with / allStudents
Similar questions
P
N
S
L
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question