http.authorizeRequests().antMatchers("/dms**").access("hasAnyRole('admin','dms')");
用户应该具有管理员或dms角色才能导航到该页面。
我以管理员身份登录。
从日志中,我可以看到角色正确匹配(数据库角色和登录的用户角色)
Granted Authorities: admin
但我仍然可以看到访问被拒绝。有什么线索吗?
完整的日志在这里
2016-11-10 16:41:46 DEBUG AntPathRequestMatcher:157 - Checking match of
request : '/dms.jsp'; against '/dms**'
2016-11-10 16:41:46 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /dms.jsp; Attributes: [hasAnyRole('admin','dms')]
2016-11-10 16:41:46 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9546: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: admin; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: LVXYO0lvcLRvJFcH9pJO_kO2R5B7ha4LLm3DwZ7m; Granted Authorities: admin
2016-11-10 16:41:46 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7ade02ad, returned: -1
2016-11-10 16:41:46 DEBUG ExceptionTranslationFilter:186 - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
最佳答案
只需在可用角色前面加上“ ROLE_”即可解决此问题。
不知道为什么春天不允许自己的角色