[英]Java spring-boot problem with access to pages
I have a problem with spring-boot-security.我对 spring-boot-security 有疑问。 Problem: can't access /getuser (403 Forbidden)
问题:无法访问/getuser(403 Forbidden)
WebConfig:网络配置:
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/styles/**", "/error").permitAll()
.antMatchers("/users", "/userlog").hasRole(AdminRoles.DEV.name())
.antMatchers("/logs", "/updlog").hasAnyRole(AdminRoles.DEV.name(), AdminRoles.ADMIN.name())
.antMatchers("/update", "/getuser", "/").hasAnyRole(AdminRoles.DEV.name(), AdminRoles.ADMIN.name(),
AdminRoles.MODERATOR.name())
.anyRequest().authenticated()
.and()
.formLogin();
}
/getuser in controller: controller 中的 /getuser:
@RequestMapping("/getuser")
public String getuser(String userData, int server, Model model) throws SQLException, Exception{
model.addAttribute("user", base.GetUser(userData, server));
return "index";
}
UPD1: I can access / without any problems UPD1:我可以访问/没有任何问题
UPD2: I can access any page except pages which return index with model UPD2:除了返回索引为 model 的页面外,我可以访问任何页面
UPD3: SecurityContextHolder.getContext().getAuthentication().getAuthorities().equals("ROLE_DEV") // true
UPD3:
SecurityContextHolder.getContext().getAuthentication().getAuthorities().equals("ROLE_DEV") // true
I've added .csrf().disable()
in configure method and it helped me!我在配置方法中添加了
.csrf().disable()
,它帮助了我!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.