配置Http安全性

配置Http安全性

关注
发信
关注(28)粉丝(399)

java - 配置Http安全性

我有授予角色USER的这个网址,但我无法访问,并且当前通过身份验证的主体是用户

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().
                antMatchers(PUBLIC_MATCHERS).permitAll().
                antMatchers("/bookDetail/**").hasRole("USER").
                antMatchers("/listOfCreditCards/**").hasRole("USER").
                antMatchers("/shoppingCart/addItem/**").hasRole("USER").
                and().formLogin();

        http
                .csrf().disable().cors().disable()
                .formLogin().failureUrl("/login?error")
                .defaultSuccessUrl("/")
                .loginPage("/login").permitAll()
                .and()
                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/?logout").deleteCookies("remember-me").permitAll()
                .and()
                .rememberMe();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        GrantedAuthority authority = new SimpleGrantedAuthority("USER");
        UserDetails userDetails = (UserDetails) new User("V", "A", Arrays.asList(authority));
        return new InMemoryUserDetailsManager(Arrays.asList(userDetails));
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("V").password("A").roles("USER");


我得到以下输出-status“:403,” error“:” Forbidden“,” message“:”访问被拒绝“
关于我应该检查什么的任何建议,并且没有堆栈跟踪

最佳答案

您的代码中授权任何页面的唯一一行是:

antMatchers(PUBLIC_MATCHERS).permitAll()


如果这不是您的登录页面,则您将无法访问它,因为您尚未为其授予权限。您可能需要以下内容:

http.authorizeRequests().
 antMatchers(PUBLIC_MATCHERS).permitAll().
 antMatchers("/bookDetail/**").hasRole("USER").
 antMatchers("/listOfCreditCards/**").hasRole("USER").
 antMatchers("/shoppingCart/addItem/**").hasRole("USER").
.and()
.formLogin().loginPage("/loginPage").permitAll()
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/home")
.failureUrl("/loginPage?error")
.and()
.logout()
.permitAll()
.logoutSuccessUrl("/loginPage?logout")
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedPage("/accessDenied");

关于java - 配置Http安全性,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/48133255/

10-10 05:10
Powered by LMLPHP ©2024 配置Http安全性 0.044366