i'm currently implementing security with spring-boot to my little API as a project to school of course nothing big but i wanted to manage some roles and stuff. I've been trying with adding.antMatchers(url).hasRole(someRole). ... more ant matchers...
When testing log-in actualy show an error (type=Forbidden, status=403).
Here is some code
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/control").hasRole("ADMIN")
.antMatchers("/", "/index","/img/*.jpg","/*.js","/*.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public PasswordEncoder getPasswordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
Just a controller that shows my controlpanel to CRUD my animals:p
@Controller
@RequestMapping("/control")
public class AdminController {
@Autowired
private AnimalService animalService;
@RequestMapping
public String getAnimals(Model model) {
List<Animal> animals = animalService.getAnimals();
List<Animal> cats = new ArrayList<Animal>();
List<Animal> dogs = new ArrayList<Animal>();
List<Animal> bunnys = new ArrayList<Animal>();
List<Animal> rats = new ArrayList<Animal>();
animals.forEach(animal -> {
animal.setStr(Base64.getEncoder().encodeToString(animal.getImg()));
if (animal.getType().equals("cat")) {
cats.add(animal);
}
if (animal.getType().equals("dog")) {
dogs.add(animal);
}
if (animal.getType().equals("bunny")) {
bunnys.add(animal);
}
if (animal.getType().equals("rat")) {
rats.add(animal);
}
});
model.addAttribute("cats", cats);
model.addAttribute("dogs", dogs);
model.addAttribute("bunnys", bunnys);
model.addAttribute("rats", rats);
return "control";
}
}
I hope you guys can help me, im new with spring.
Re: it was as simple as save the role in de DB as the follows: ROLE_roleNAME
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.