[英]HTTP Status 403 - Access is denied Spring security
I've added Spring security to my project and configured it as 我已将Spring安全性添加到我的项目中并将其配置为
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http>
<intercept-url pattern="/add-job**" access="hasRole('USER')" />
<form-login
login-page="/login"
default-target-url="/"
always-use-default-target="true"/>
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
through the above configuration when I go to /add-job
it redirects me to \\login
and after login success I go to /add-job
it shows me error 通过以上配置,当我去
/add-job
它将我重定向到\\login
,登录成功后我转到/add-job
它显示我错误
is there any mistake I've. 我有什么错误吗?
Spring security is right in denying access: Spring拒绝访问是正确的:
admin/admin
with one authority ROLE_ADMIN
admin/admin
,其中包含一个权限ROLE_ADMIN
/add-job**
to users having ROLE_USER
authority ROLE_USER
/add-job**
访问权限限制为具有ROLE_USER
权限的用户 No user can have the ROLE_USER
authority, so spring security will always deny access. 没有用户可以拥有
ROLE_USER
权限,因此Spring安全性将始终拒绝访问。
You should use either ROLE_ADMIN
or ROLE_USER
(or any other ROLE_xxx
you like) but use the same in protecting the resource ( access="hasRole(xxx)"
) and granting to user ( authorities="ROLE_xxx"
) 您应该使用
ROLE_ADMIN
或ROLE_USER
(或您喜欢的任何其他ROLE_xxx
),但使用相同的方法来保护资源( access="hasRole(xxx)"
)并授予用户( authorities="ROLE_xxx"
)
Anyway, the simplest way to fix is to add the required authority to user admin: 无论如何,最简单的修复方法是向用户admin添加所需的权限:
<user name="admin" password="admin" authorities="ROLE_ADMIN,ROLE_USER" />
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.