I've added Spring security to my project and configured it as
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http>
<intercept-url pattern="/add-job**" access="hasRole('USER')" />
<form-login
login-page="/login"
default-target-url="/"
always-use-default-target="true"/>
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
through the above configuration when I go to /add-job
it redirects me to \\login
and after login success I go to /add-job
it shows me error
is there any mistake I've.
Spring security is right in denying access:
admin/admin
with one authority ROLE_ADMIN
/add-job**
to users having ROLE_USER
authority No user can have the ROLE_USER
authority, so spring security will always deny access.
You should use either ROLE_ADMIN
or ROLE_USER
(or any other ROLE_xxx
you like) but use the same in protecting the resource ( access="hasRole(xxx)"
) and granting to user ( authorities="ROLE_xxx"
)
Anyway, the simplest way to fix is to add the required authority to user admin:
<user name="admin" password="admin" authorities="ROLE_ADMIN,ROLE_USER" />
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.