问候!
当我尝试对我现有的数据库进行身份验证时,我正在通过身份验证但是我得到了403页面。如果我只是尝试了错误的密码,我会收到“错误的凭据”消息。 我尝试对SpringSecurity附带的每个示例应用进行身份验证,并且运行正常。
security-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<global-method-security secured-annotations="enabled"></global-method-security>
<http auto-config="true" >
<intercept-url pattern="/admin/**" access="ROLE_TEST" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login
login-page="/login/index.jsp"
default-target-url="/admin/test.jsp"
authentication-failure-url="/login/index.jsp?login_error=1" />
</http>
<authentication-provider user-service-ref="jdbcUserService">
<password-encoder ref="passwordEncoder">
<salt-source system-wide="n103df"/>
</password-encoder>
</authentication-provider>
<beans:bean id="jdbcUserService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<beans:property name="rolePrefix" value="" />
<beans:property name="dataSource" ref="dataSource" />
<beans:property name="enableAuthorities" value="true"/>
<beans:property name="enableGroups" value="false"/>
<beans:property name="authoritiesByUsernameQuery" value="SELECT username,authority FROM authorities WHERE username = ?" />
<beans:property name="usersByUsernameQuery" value="SELECT username,password,enabled as enabled FROM users WHERE username = ?" />
<beans:property name="groupAuthoritiesByUsernameQuery" value="" />
</beans:bean>
<beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.Md5PasswordEncoder"/>
非常感谢任何帮助:-) 提前谢谢!
答案 0 :(得分:40)
如果您获得403代码,则表示该用户没有所需的角色。因此,授权不是问题,是授权
知道发生了什么的唯一方法是将日志记录级别调试,应该有更多信息。发布在这里。
您的角色是否具有“ROLE_”前缀?
答案 1 :(得分:2)
......想通了。尽管在配置文件中指定了ROLE_TEST,并且在db的'authority'列中也是如此,但是Spring-Sec期待ROLE_SUPERVISOR:
[DEBUG,AbstractSecurityInterceptor,http-8084-7] Secure object: FilterInvocation: URL: /admin/test.jsp; ConfigAttributes: [ROLE_TEST]
[DEBUG,AbstractSecurityInterceptor,http-8084-7] Previously Authenticated: org.springframework.security.providers.UsernamePasswordAuthenticationToken@af840ed7: Principal: org.springframework.security.userdetails.User@3ec100: Username: testUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: 350B260FAFDDBF04D5CB4AAAB7B8A441; Granted Authorities: ROLE_SUPERVISOR
[DEBUG,ExceptionTranslationFilter,http-8084-7] Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.AccessDeniedException: Access is denied
at org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
...现在我很好奇,怎么样? 因此,在配置文件中将ROLE_TEST更改为ROLE_SUPERVISOR后,所有工作都按预期工作。