This article covers how to handle Spring Security hasRole() giving error 403 - Access is denied.

Problem description

I am trying to view a specific page that only the admin can view but I am getting an error every time I make the request. It appears to be with the hasRole() in my security-context file.

The error just says HTTP Status 403 - Access is denied when I make the request to see the admin jsp page

security-context.xml:

<security:http use-expressions="true">
    <security:intercept-url pattern="/admin" access="hasAnyRole('admin')" />
    <security:form-login login-page="/login"
        authentication-failure-url="/login?error=true" />
    <security:logout logout-success-url="/loggedout" />
    <security:intercept-url pattern="/createoffer" access="isAuthenticated()" />
    <security:intercept-url pattern="/docreate" access="isAuthenticated()" />
    <security:intercept-url pattern="/offercreated" access="isAuthenticated()" />
    <security:intercept-url pattern="/" access="permitAll" />
    <security:intercept-url pattern="/loggedout" access="permitAll" />
    <security:intercept-url pattern="/newaccount" access="permitAll" />
    <security:intercept-url pattern="/createaccount" access="permitAll" />
    <security:intercept-url pattern="/accountcreated" access="permitAll" />
    <security:intercept-url pattern="/static/**" access="permitAll" />
    <security:intercept-url pattern="/login" access="permitAll" />
    <security:intercept-url pattern="/offers" access="permitAll" />
    <security:intercept-url pattern="/**" access="denyAll" />
</security:http>

My two tables in my database are a user(username, email, enabled, password) and authorities(username, authority).

Could anyone suggest what my error is or how to fix it?

Recommended answer

By default Spring adds the ROLE_ prefix, so changing hasAnyRole('admin') to hasAnyRole('ROLE_admin') should fix the error, unless you have a custom implementation.

References:

http://docs.spring.io/spring-security/site/docs/current-SNAPSHOT/apidocs/org/springframework/security/access/vote/RoleVoter.html

https://docs.spring.io/spring-security/site/docs/3.2.3.RELEASE/apidocs/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.html#setRolePrefix(java.lang.String)
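
The prefix matching documented for RoleVoter in the first reference, as an added example that is not part of the original answer: it compares an authority as stored in authorities(username, authority) with the attribute being required, first with the default ROLE_ prefix and then with an empty one. It assumes spring-security-core on the classpath; the class name RolePrefixCheck and the user alice are constructed for illustration, and it exercises RoleVoter only, not the expression-based configuration shown in the question.

```java
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;

public class RolePrefixCheck {

    // Turn the voter's int result into a readable label.
    static String label(int vote) {
        switch (vote) {
            case AccessDecisionVoter.ACCESS_GRANTED: return "GRANTED";
            case AccessDecisionVoter.ACCESS_DENIED:  return "DENIED";
            default:                                 return "ABSTAIN";
        }
    }

    // Ask the voter whether a user holding storedAuthority satisfies requiredAttribute.
    static String vote(RoleVoter voter, String storedAuthority, String requiredAttribute) {
        // Constructed user "alice" with exactly one authority, as a single row
        // of authorities(username, authority) would supply it.
        Authentication user = new TestingAuthenticationToken("alice", "n/a", storedAuthority);
        List<ConfigAttribute> required = SecurityConfig.createList(requiredAttribute);
        return label(voter.vote(user, null, required));
    }

    public static void main(String[] args) {
        RoleVoter voter = new RoleVoter(); // rolePrefix defaults to "ROLE_"

        // Attribute without the prefix: RoleVoter does not recognise it as a role.
        System.out.println("admin      vs admin      : " + vote(voter, "admin", "admin"));
        // Prefixed attribute, but the stored authority has no prefix: no string match.
        System.out.println("admin      vs ROLE_admin : " + vote(voter, "admin", "ROLE_admin"));
        // Stored authority and attribute both carry the prefix: exact match.
        System.out.println("ROLE_admin vs ROLE_admin : " + vote(voter, "ROLE_admin", "ROLE_admin"));

        // Custom setup: with an empty prefix every attribute is treated as a role,
        // so the unprefixed stored value is compared directly.
        voter.setRolePrefix("");
        System.out.println("admin      vs admin (\"\") : " + vote(voter, "admin", "admin"));
    }
}
```

Whichever form is chosen, the string stored in the authority column and the string the access rule requires have to agree exactly, including case.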
