Spring Security - Authorized user gets "Access denied"

Time: 2016-05-31 07:44:23

Tags: java spring spring-mvc spring-security

I am using Spring Security to authenticate and authorize my users. Authentication works perfectly fine, but when the user is redirected after login to a page that requires specific access, it lands on the "Access denied" page (the user has the required access).

Here is my Spring Security configuration:

<http auto-config="true" use-expressions="true">

    <intercept-url pattern="/welcome*" access="hasRole('ADMIN')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/403" />

    <form-login login-page="/login"
        default-target-url="/welcome"
        authentication-failure-url="/login?error"
        username-parameter="emailId"
        password-parameter="pwd" />
    <logout logout-success-url="/login?logout" />
</http>

Here is the last part of the console log:

2016-05-31 12:37:39 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@2586e756: Principal: org.springframework.security.core.userdetails.User@4361438: Username: test@test.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted **Authorities: ADMIN**,USER-EX; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: EF69C8E091A4AFEA8B043CC29AF29AE0; Granted Authorities: ADMIN, USER-EX
2016-05-31 12:37:39 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6eb2a0ec, returned: -1
2016-05-31 12:37:39 DEBUG ExceptionTranslationFilter:186 - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied

As you can see, the log shows that the user is authenticated and has "ADMIN" access and should be able to view the /welcome page, but this does not happen.

Any help here would be highly appreciated.

Spring version - 4.2.6, Spring Security - 4.1.0, Java - 1.8

2 answers:

Answer 0 (score: 0)

You haven't mentioned the authorization for "/welcome".

For example:

<intercept-url pattern="/welcome" access="isAuthenticated()" />

Answer 1 (score: 0)

It turns out it was a single "/" that was playing truant.

Changed <intercept-url pattern="/welcome*" access="hasRole('ADMIN')" /> to <intercept-url pattern="/welcome/*" access="hasRole('ADMIN')" />

I've seen tutorials where the pattern is "/abc/**". Can anyone tell me the difference between a single * and a double **? Thanks
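The answer above asks what separates a single `*` from `**`. As an added example that is not part of the question or of either answer, the Python script below reimplements the Ant-style path semantics that `intercept-url` patterns follow (`?` matches one character, `*` zero or more characters inside one path segment, `**` zero or more whole segments) together with a first-match rule lookup. It is a constructed stand-in for illustration, not Spring's own AntPathMatcher, and the two rule lists are built from the patterns on this page. Run against the page's own patterns, it also shows the caveat a reviewer would raise about the change in the second answer: `/welcome/*` does not match `/welcome` itself, so after the change a request to `/welcome` (the configured default-target-url) hits no `intercept-url` rule and is never subjected to the `hasRole('ADMIN')` check; the denial disappears because the constraint no longer applies, not because it is satisfied.

```python
import re

# Simplified Ant-style path matching, written for this example (it follows the
# documented semantics of Spring's AntPathMatcher but is not that class):
#   ?   one character inside a path segment
#   *   zero or more characters inside a path segment (never crosses '/')
#   **  zero or more whole path segments


def _segment_matches(pattern_segment, path_segment):
    """Match one '/'-delimited segment; '*' and '?' never cross a slash."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern_segment
    )
    return re.fullmatch(regex, path_segment) is not None


def ant_match(pattern, path):
    """Return True if the Ant-style pattern matches the whole request path."""
    return _match(pattern.split("/"), path.split("/"))


def _match(pat, parts):
    if not pat:
        return not parts  # pattern exhausted: the path must be exhausted too
    if pat[0] == "**":
        # '**' may absorb zero or more segments; try every split point
        return any(_match(pat[1:], parts[i:]) for i in range(len(parts) + 1))
    if not parts:
        return False
    return _segment_matches(pat[0], parts[0]) and _match(pat[1:], parts[1:])


def applicable_rule(rules, path):
    """First-match-wins lookup, like an ordered list of <intercept-url> rules.

    Returns the access expression of the first matching rule, or None when no
    rule applies, i.e. the request carries no access constraint at all."""
    for pattern, access in rules:
        if ant_match(pattern, path):
            return access
    return None


# Constructed rule lists using the pattern from the question and the one from
# the second answer; the access expression is the page's hasRole('ADMIN').
RULES_BEFORE = [("/welcome*", "hasRole('ADMIN')")]
RULES_AFTER = [("/welcome/*", "hasRole('ADMIN')")]

if __name__ == "__main__":
    for path in ["/welcome", "/welcomeX", "/welcome/", "/welcome/x", "/welcome/x/y"]:
        print(f"{path:14} before: {applicable_rule(RULES_BEFORE, path)!s:18} "
              f"after: {applicable_rule(RULES_AFTER, path)}")
    for pattern in ["/abc/*", "/abc/**"]:
        hits = [p for p in ["/abc", "/abc/x", "/abc/x/y"] if ant_match(pattern, p)]
        print(f"{pattern:10} matches {hits}")
```

Two things are worth checking in a real deployment. First, an unmatched request is a silent gap: with `auto-config` and no catch-all rule, a path that matches no `intercept-url` is simply not constrained, so a pattern that is too narrow (`/welcome/*` for `/welcome`) weakens protection rather than fixing a denial. Second, the debug log distinguishes the two cases: the `WebExpressionVoter ... returned: -1` line in the question means a rule did match and its expression evaluated to deny, whereas a request that matches no rule produces no vote at all, so reading the log tells you whether to look at the pattern or at the access expression and the granted authorities.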