Upgrading Spring Security from 3.2.6.RELEASE to 4.2.3.RELEASE hit a few pitfalls, recorded here:
1. The ifAnyGranted tag attribute has been removed; use <sec:authorize access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"> instead.
2. The login form field names have changed:
j_username -> username
j_password -> password
_spring_security_remember_me -> remember-me
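3. After logging in, this error appears: Could not verify the provided CSRF token because your CSRF session was not found
This comes from Spring Security's protection against cross-site request forgery (CSRF). If you need to turn it off, add the child element <security:csrf disabled="true" /> under security:http.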
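4. In Spring Security the role prefix rolePrefix defaults to "ROLE_". To change it in Spring Security 3, you only had to set the rolePrefix property when instantiating RoleVoter. After the upgrade, the tag access="hasAnyRole('A_ADMIN','A_USER')" stopped working.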
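
Items 2 and 3 combined, as an added example that is not from the original post: a 4.x login page that uses the new field names and submits the CSRF token, so the protection can stay enabled rather than being disabled. The file name login.jsp and the use of the 4.x default URLs (POST /login and POST /logout) are assumptions, not details from the post.

```jsp
<%-- login.jsp (hypothetical file name): added example for Spring Security 4.x
     with CSRF protection left enabled. --%>
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE html>
<html>
<body>
  <%-- Assumption: <security:form-login> keeps the 4.x default processing URL,
       POST /login (the 3.x default was /j_spring_security_check). --%>
  <form action="<c:url value='/login'/>" method="post">
    <%-- Item 2: the 4.x default parameter names replace the j_* names. --%>
    <label>User
      <input type="text" name="username" autocomplete="username"/>
    </label>
    <label>Password
      <input type="password" name="password" autocomplete="current-password"/>
    </label>
    <label>
      <input type="checkbox" name="remember-me"/> Remember me
    </label>

    <%-- Item 3: renders the hidden CSRF field for the current session, which is
         what the CsrfFilter checks on every POST. Without it the request is
         rejected with the "Could not verify the provided CSRF token" error. --%>
    <sec:csrfInput/>

    <button type="submit">Log in</button>
  </form>

  <%-- With CSRF enabled, logout must also be a POST that carries the token;
       a plain GET link to the logout URL no longer logs the user out. --%>
  <sec:authorize access="isAuthenticated()">
    <form action="<c:url value='/logout'/>" method="post">
      <sec:csrfInput/>
      <button type="submit">Log out</button>
    </form>
  </sec:authorize>
</body>
</html>
```

Any other form in the application that submits with POST needs the same <sec:csrfInput/> line once the filter is active.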