[英]hasRole() not working error Http Status 403 - Access is denied
以下是我的security-config文件中的配置:
<security:http use-expressions="true">
<security:intercept-url pattern="/adminarea"
access="hasRole('admin')" />
<security:intercept-url pattern="/logincheck"
access="permitAll" />
<security:intercept-url pattern="/newaccount"
access="permitAll" />
<security:intercept-url pattern="/createnewaccount"
access="permitAll" />
<security:intercept-url pattern="/home"
access="isAuthenticated()" />
<security:intercept-url pattern="/static/**"
access="permitAll" />
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/**" access="denyAll" />
<security:form-login login-page="/"
authentication-failure-url="/?error=true" default-target-url="/home" />
</security:http>
我正在使用spring默认登录,效果很好。 但是,当我尝试使用aceess /adminarea出现Http Status 403 - Access is denied /adminarea Http Status 403 - Access is denied错误。 任何帮助。
编辑:AuthenticationManager
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="dataSource" />
</security:authentication-provider>
</security:authentication-manager>
JSP上的代码:
<sec:authentication property="principal"/>
<sec:authorize access="hasRole('admin')">
<a href="${pageContext.request.contextPath}/adminarea">Admin Area</a>
</sec:authorize>
第一个标签输出如下
rg.springframework.security.core.userdetails.User@6d8e08d5:用户名:zubi@yahoo.com; 密码保护]; 启用:true; AccountNonExpired:true; certificateNonExpired:true; AccountNonLocked:true; 授予的权限:admin
第二个标签什么也不输出。
我假设您已经创建了以下表格
create table users(
username varchar_ignorecase(50) not null primary key,
password varchar_ignorecase(50) not null,
enabled boolean not null);
create table authorities (
username varchar_ignorecase(50) not null,
authority varchar_ignorecase(50) not null,
constraint fk_authorities_users foreign key(username) references users(username));
create unique index ix_auth_username on authorities (username,authority);
应用程序上下文xml中的以上身份验证管理器配置需要这些。
并且您已将角色admin插入authorities表中。
我通过将DB中的角色设置为ROLE_XXX或我的情况下ROLE_ADMIN解决了该问题。 然后使用以下代码:
安全配置:
<security:intercept-url pattern="/adminarea"
access="hasRole('ROLE_ADMIN')" />
JSP:
<sec:authorize access="hasRole('ROLE_ADMIN')">
<a href="${pageContext.request.contextPath}/adminarea">Admin Area</a>
</sec:authorize>
通过我的尝试来使其正常工作。 我猜定义的角色需要在CAPITAL并且应该以ROLE_作为前缀。
希望它可以帮助遇到此问题的任何人。
Spring Security hasRole()提供错误403-访问被拒绝
[英]Spring security hasRole() giving Error 403 - Access is denied
spring CORS和angular not working:HTTP状态码403错误
[英]spring CORS and angular not working : HTTP status code 403 error
Access Denied (Status 403) 错误消息试图访问在 Spring 引导项目中声明的 index.html 文件
[英]Access Denied (Status 403) error message trying to access index.html file declared in Spring Boot project
访问被拒绝(服务:Amazon S3;状态代码:403;错误代码:AccessDenied;请求 ID:xxxxxxxxxxxxx)
[英]Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: xxxxxxxxxxxxx)
“状态”:403,“错误”:“禁止”“消息”:邮递员弹簧启动代码中的“访问被拒绝”
[英]"status": 403, "error": "Forbidden" "message": "Access Denied" in postman spring boot code
AWS S3 Java 拒绝访问服务:Amazon S3; 状态码:403; 错误代码:拒绝访问;
[英]AWS S3 Java Access Denied Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.