Getting Access Denied after submitting login form request (Spring Security)

Time: 2015-05-09 20:49:13

Tags: spring security spring-mvc spring-security userdetailsservice

I am facing a strange problem. When I write

<intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />

it works fine, but when I change it to

 <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

it goes directly to the 403 page.

Here is my Spring Security configuration:

<http pattern="/api/**" security="none"/>
<http pattern="/login" security="none"/>
<http auto-config="true" use-expressions="true">


    <intercept-url pattern="/admin*" access="hasRole('ROLE_ADMIN')"/>

    <!-- access denied page -->
    <access-denied-handler error-page="/403" />
    <form-login login-page="/login" authentication-failure-url="/login?error"
        username-parameter="username" password-parameter="password" 
        authentication-success-handler-ref="myAuthenticationSuccessHandler"/>
    <logout logout-success-url="/login?logout" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <!-- enable csrf protection -->
    <csrf />
</http>
<authentication-manager>
    <authentication-provider user-service-ref="loginService" />
</authentication-manager>

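My custom UserDetailsService:

package com.dynamic.spring.service;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// LoginDao, Users and UserRole are the project's own classes; their imports are not shown in the post.

@Service("loginService")
public class LoginServiceImpl implements UserDetailsService {

    @Autowired
    LoginDao loginDao;

    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        Users user = loginDao.findByUserName(username);
        // The UserDetailsService contract requires an exception, not a null
        // dereference, when no matching user exists.
        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + username);
        }

        //problem
        List<GrantedAuthority> authorities = buildUserAuthority(user
                .getUserRole());
        return buildUserForAuthentication(user, authorities);
    }

    // Maps the application's Users entity to Spring Security's User.
    private User buildUserForAuthentication(Users user,
            List<GrantedAuthority> authorities) {
        return new User(user.getUser_email(), user.getPassword(),
                user.isEnabled(), true, true, true, authorities);
    }

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
        // Build user's authorities
        for (UserRole userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }
        return new ArrayList<GrantedAuthority>(setAuths);
    }
}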

And LoginDaoImp:

@Override
public Users findByUserName(String username) {
    session = sessionFactory.openSession();
    tx = session.getTransaction();
    session.beginTransaction();
    Users user = (Users) session.createQuery("From Users where User_email=:username")
            .setParameter("username", username)
            .uniqueResult();
    tx.commit();
    return user;
}

Can someone please help me? I am stuck. Thanks.

0 answers:

No answers