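I am using Spring Security 4 and have run into the following problem.

This is spring-security.xml:

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/admin**" access="hasRole('ADMIN')" />
    </http>
    <authentication-manager>
        <authentication-provider user-service-ref="customUserDetailsService">
            <password-encoder hash="plaintext" />
        </authentication-provider>
    </authentication-manager>

This is the user details service:

    import java.util.ArrayList;
    import java.util.List;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional; // assumed: Spring's @Transactional

    @Service
    @Transactional
    public class CustomUserDetailsService implements UserDetailsService {
        @Autowired
        private UserDAO userDAO;

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            // Look the user up by username only.
            com.hersbitcloud.cancercloud.models.User instance = new com.hersbitcloud.cancercloud.models.User(username, null, null);
            List<com.hersbitcloud.cancercloud.models.User> matches = userDAO.findByExample(instance);
            if (matches.isEmpty()) {
                throw new UsernameNotFoundException(username);
            }
            com.hersbitcloud.cancercloud.models.User domainUser = matches.get(0);
            // The stored role is used as the authority name unchanged.
            List<GrantedAuthority> setAuths = new ArrayList<GrantedAuthority>();
            setAuths.add(new SimpleGrantedAuthority(domainUser.getRole()));
            User user = new User(
                domainUser.getUsername(),
                domainUser.getPassword(),
                setAuths
            );
            return user;
        }
    }

When I navigate to the /admin page, the login page is shown. The username and password I use belong to a user whose role I am sure is ADMIN, because it can be changed through:

    Collection<SimpleGrantedAuthority> authorities = (Collection<SimpleGrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();

However, once authorized, A is shown. I think this means the username and password are correct, but something is wrong with the role.

What is the problem?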

Answer 0 (score: 1)

The problem is that your role should be ROLE_ADMIN
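
The mismatch behind this answer, as an added example that is not part of the original question or answer: with Spring Security 4's default settings, hasRole('ADMIN') looks for an authority named ROLE_ADMIN, so an authority built from the bare stored role ADMIN never matches. The class and method names (RoleAuthorities, fromStoredRole, hasRole) are hypothetical, the sample roles are constructed, and role hierarchies are ignored.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Added example: maps a stored role name to the authority that hasRole() looks for. */
public final class RoleAuthorities {
    // Prefix that hasRole() prepends to its argument by default in Spring Security 4.
    private static final String ROLE_PREFIX = "ROLE_";

    private RoleAuthorities() {}

    /** Accepts a role as stored for the user ("ADMIN" or "ROLE_ADMIN") and returns a prefixed authority. */
    public static List<GrantedAuthority> fromStoredRole(String storedRole) {
        if (storedRole == null || storedRole.trim().isEmpty()) {
            // No role stored: the user can authenticate but holds no authority.
            return Collections.<GrantedAuthority>emptyList();
        }
        String role = storedRole.trim();
        String authority = role.startsWith(ROLE_PREFIX) ? role : ROLE_PREFIX + role;
        return Collections.<GrantedAuthority>singletonList(new SimpleGrantedAuthority(authority));
    }

    /** Mirrors the hasRole('X') comparison: prefix the argument, then require an exact match. */
    public static boolean hasRole(Collection<? extends GrantedAuthority> granted, String role) {
        String wanted = role.startsWith(ROLE_PREFIX) ? role : ROLE_PREFIX + role;
        for (GrantedAuthority authority : granted) {
            if (wanted.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: the authority the question's service builds from the stored role "ADMIN".
        List<GrantedAuthority> asInQuestion =
                Collections.<GrantedAuthority>singletonList(new SimpleGrantedAuthority("ADMIN"));
        System.out.println("bare stored role:     " + hasRole(asInQuestion, "ADMIN"));
        System.out.println("prefixed on load:     " + hasRole(fromStoredRole("ADMIN"), "ADMIN"));
        System.out.println("already prefixed:     " + hasRole(fromStoredRole("ROLE_ADMIN"), "ADMIN"));
    }
}
```

If the stored role names have to stay unprefixed, the other option is to write the rule as hasAuthority('ADMIN'), which compares the authority name without adding a prefix.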