
获取 org.springframework.security.access.AccessDeniedException:即使在 jwtAuthentication 中将数据保存到数据库后,访问仍被拒绝

[英]Getting org.springframework.security.access.AccessDeniedException: Access Denied Even After data saved to database in jwtAuthentication

这是我的 controller 类代码,用于接收用户数据并将该用户保存到数据库。发送请求后,数据已成功写入数据库,但随后我收到了这条错误消息。

package com.app.Exam.USerController;

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.app.Exam.Models.Roles;
import com.app.Exam.Models.User;
import com.app.Exam.Models.UserRoll;
import com.app.Exam.Service.UserService;

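/**
 * REST endpoints under {@code /user} for registering an account and looking one up by user name.
 *
 * <p>NOTE(review): both handlers return the {@code User} entity itself, so every property the
 * JSON mapper can reach from it is written to the response. That includes the encoded password
 * unless the model hides it, and, if the entity exposes its {@code userRolls} back-reference,
 * the mapper can fail on the response after the row has already been committed. Returning a
 * dedicated response type (or marking those properties as ignored / write-only in the model)
 * avoids both; the model classes are not part of this listing, so confirm there.
 */
@CrossOrigin(origins = "http://localhost:4200")
@RestController
@RequestMapping("/user")
public class UserController {

    /** Role name given to every self-registered account; it is never read from the request. */
    private static final String DEFAULT_ROLE_NAME = "NORMAL";

    @Autowired
    private UserService userService;

    @Autowired
    private PasswordEncoder bCryptPasswordEncoder;

    /**
     * Registers a new account from the posted JSON body.
     *
     * <p>Only the listed profile fields are copied from the request object into a fresh
     * {@code User}; the role is fixed server-side, so a caller cannot choose its own role by
     * adding properties to the body. The password is stored encoded with the injected
     * {@link PasswordEncoder}.
     *
     * @param user the request body bound to a {@code User}
     * @return whatever {@code UserService.CreateUser} returns for the new account
     * @throws Exception propagated from the service call (the conditions are not visible here)
     */
    @PostMapping("/")
    public User createUser(@RequestBody User user) throws Exception {
        // NOTE(review): no length/blank validation on user name, e-mail or password is visible
        // here; confirm it is enforced on the model or in the service.
        User account = new User();
        account.setPassword(this.bCryptPasswordEncoder.encode(user.getPassword()));
        account.setUserName(user.getUserName());
        account.setEmail(user.getEmail());
        account.setFirstName(user.getFirstName());
        account.setLastName(user.getLastName());
        account.setPhone(user.getPhone());

        Roles role = new Roles();
        role.setRollName(DEFAULT_ROLE_NAME);

        // Link user <-> role through the join object, then hand the same list to the role.
        UserRoll membership = new UserRoll();
        membership.setRoles(role);
        membership.setUser(account);

        List<UserRoll> memberships = new ArrayList<>();
        memberships.add(membership);
        role.setUserRolls(memberships);

        return this.userService.CreateUser(account, memberships);
    }

    /**
     * Looks up an account by user name.
     *
     * <p>Declared {@code public}: handler methods should be public so they remain interceptable
     * if the controller is ever proxied (for example for method-level security), which private
     * methods are not.
     *
     * <p>NOTE(review): nothing in this method restricts the lookup to the caller's own account
     * or to a privileged role, so any authenticated caller can request any user name. Confirm
     * that an ownership or role check exists elsewhere, or add one.
     *
     * @param username the user name taken from the URL path
     * @return whatever {@code UserService.getUserByName} returns for that name
     */
    @GetMapping("/{username}")
    public User getUserByName(@PathVariable("username") String username) {
        return this.userService.getUserByName(username);
    }
}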

我的 spring 安全配置 class 如下:

package com.app.Exam.Security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.app.Exam.JwtConfig.JwtAuthenticationEntryPoint;
import com.app.Exam.JwtConfig.JwtRequestFilter;

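/**
 * Spring Security configuration for a stateless API that authenticates requests with a JWT
 * filter placed ahead of {@link UsernamePasswordAuthenticationFilter}.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    // NOTE(review): no import for UserDetailsService appears in this listing. Confirm whether
    // this is Spring's org.springframework.security.core.userdetails.UserDetailsService (which
    // would need an import) or a same-package type.
    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

    @Autowired
    JwtRequestFilter jwtAuthenticationFilter;

    /**
     * Builds the single filter chain: public login and registration endpoints, everything else
     * authenticated, no HTTP session.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // CSRF protection is off. That is only sound while the token travels in a request
            // header and no cookie-based credentials are accepted.
            // NOTE(review): JwtRequestFilter is not shown; confirm it never reads a cookie.
            .csrf(csrf -> csrf.disable())
            // With CORS disabled here Spring Security adds no CorsFilter; cross-origin rules
            // then depend on controller-level annotations plus the blanket OPTIONS rule below.
            .cors(cors -> cors.disable())
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/Authenticate").permitAll()
                // Registration is a POST; other methods on this path stay behind authentication.
                .requestMatchers(HttpMethod.POST, "/user/").permitAll()
                // A request that fails after authorization (for example while the response is
                // being written) is re-dispatched to the error path. If that path requires
                // authentication, the caller sees "Access Denied" instead of the real failure.
                // "/error" is Spring Boot's default error path.
                .requestMatchers("/error").permitAll()
                .requestMatchers(HttpMethod.OPTIONS).permitAll()
                .anyRequest().authenticated())
            .exceptionHandling(ex -> ex.authenticationEntryPoint(jwtAuthenticationEntryPoint))
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        http.authenticationProvider(this.daoAuthenticationProvider());
        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }

    /**
     * Password encoder shared by registration and login.
     *
     * @return a BCrypt encoder with its default settings
     */
    @Bean
    PasswordEncoder pass() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring.
     *
     * @param authenticationConfiguration the configuration Spring injects
     * @return the authentication manager obtained from that configuration
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Provider that loads users through the injected user-details service and verifies
     * passwords with the encoder from {@link #pass()}.
     *
     * @return the configured provider
     */
    @Bean
    DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(this.userDetailsService);
        provider.setPasswordEncoder(this.pass());
        return provider;
    }
}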

我的错误堆栈跟踪(stack trace)如下所示。(原帖此处为截图,本页未保留其文字内容。)

经过多番研究,我找到了答案:出现这个错误,是因为 userRolls 并不是由前端提供的,而是在后端设置的。如果要这样做,就必须在 model 中给该属性加上 @JsonIgnore,如下所示:

@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER, mappedBy = "user")

@JsonIgnore

private List<UserRoll> userRolls = new ArrayList<>();

它告诉 servlet 请求的处理过程忽略该属性的 null JSON 值……

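对于这种数据绑定错误,使用 @JsonIgnore 对我有效。这是 jaxb 数据绑定错误,这就是为什么在数据提交到数据库之后 Spring Security 会抛出 Access Denied 错误……(补充说明:数据已经入库,说明请求本身通过了授权;异常很可能出现在把返回的 User 写成响应 JSON 的阶段。失败的请求会被转发到 /error,如果 /error 没有被显式放行,它就落在 anyRequest().authenticated() 的范围内,于是真正的异常被掩盖,表现为 AccessDeniedException。)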
