SpringBoot和Spring Security无法进行身份验证

时间:2016-09-08 14:27:29

标签: java spring-security spring-boot

我创建了一个具有基本安全性(用户,角色)的SpringBoot应用程序,它可以正常工作。之后,我想用权限扩展应用程序,但现在我卡住了,因为我的应用程序不再进行身份验证。

我刚刚添加/修改了实体和服务。

所以,当我尝试获取此资源时:http://localhost:8080/user/list登录页面按我的意愿进入,但是当我输入用户凭据时,我得到AccessDenied exception,这是因为所有资源都是用@PreAuthorize注释。

控制器样本:

@Controller
public class UserController {
    @RequestMapping("/user/list")
    @PreAuthorize("hasRole('PERM_READ_USER')")
    public String listUsers(Model model){
        return "user/list";
    }

    @RequestMapping("/user/show")
    public String getUser(){
        return "user/show";
    }

调试信息:

2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/address/list]
2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /address/list
2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.AddressController.listAddresses()]
2016-09-08 16:10:06.459 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : Last-Modified value for [/address/list] is: -1
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .m.m.a.ExceptionHandlerExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .w.s.m.a.ResponseStatusExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .w.s.m.s.DefaultHandlerExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied
2016-09-08 16:10:06.465 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : Could not complete request

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:65) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at com.example.controllers.AddressController$$EnhancerBySpringCGLIB$$d75cbf26.listAddresses(<generated>) ~[classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_101]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_101]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_101]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_101]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_101]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_101]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.4.jar:8.5.4]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]

2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/login]
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.IndexController.loginForm()]
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : Last-Modified value for [/login] is: -1
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*])
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.servlet.view.BeanNameViewResolver  : No matching bean found for view name 'login'
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] based on requested media type 'text/html'
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : Rendering view [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] in DispatcherServlet with name 'dispatcherServlet'
2016-09-08 16:10:06.485 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : Successfully completed request
2016-09-08 16:10:06.583 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:10:06.583 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/jquery/2.1.4/jquery.min.js
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/bootstrap/3.3.4/css/bootstrap.min.css
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping  : Matching patterns for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are [/webjars/**, /**]
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping  : URI Template variables for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are {}
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapping [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet        : Last-Modified value for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] is: -1
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping  : Matching patterns for request [/webjars/jquery/2.1.4/jquery.min.js] are [/webjars/**, /**]
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping  : URI Template variables for request [/webjars/jquery/2.1.4/jquery.min.js] are {}
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapping [/webjars/jquery/2.1.4/jquery.min.js] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet        : Last-Modified value for [/webjars/jquery/2.1.4/jquery.min.js] is: -1
2016-09-08 16:10:06.589 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet        : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:10:06.589 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet        : Successfully completed request
2016-09-08 16:10:06.595 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet        : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:10:06.597 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet        : Successfully completed request

但是,当我只是简单地拨打/login并输入凭据并点击提交时,没有任何事情发生。

在这种情况下,我得到了这个调试信息:

2016-09-08 16:16:29.567 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/login]
2016-09-08 16:16:29.570 DEBUG 22958 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login
2016-09-08 16:16:29.570 DEBUG 22958 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.IndexController.loginForm()]
2016-09-08 16:16:29.571 DEBUG 22958 --- [io-8080-exec-10] o.s.web.cors.DefaultCorsProcessor        : Skip CORS processing: request is from same origin
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*])
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.servlet.view.BeanNameViewResolver  : No matching bean found for view name 'login'
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] based on requested media type 'text/html'
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet        : Rendering view [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] in DispatcherServlet with name 'dispatcherServlet'
2016-09-08 16:16:29.576 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet        : Successfully completed request
2016-09-08 16:16:29.659 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:16:29.659 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/jquery/2.1.4/jquery.min.js
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping  : Matching patterns for request [/webjars/jquery/2.1.4/jquery.min.js] are [/webjars/**, /**]
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping  : URI Template variables for request [/webjars/jquery/2.1.4/jquery.min.js] are {}
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapping [/webjars/jquery/2.1.4/jquery.min.js] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : Last-Modified value for [/webjars/jquery/2.1.4/jquery.min.js] is: -1
2016-09-08 16:16:29.666 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:16:29.667 DEBUG 22958 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/bootstrap/3.3.4/css/bootstrap.min.css
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : Successfully completed request
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping  : Matching patterns for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are [/webjars/**, /**]
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping  : URI Template variables for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are {}
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapping [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:16:29.669 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Last-Modified value for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] is: -1
2016-09-08 16:16:29.671 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:16:29.671 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Successfully completed request

我的userDetailsS​​ervice:

@Service("userDetailsService")
public class SpringSecurityUserdetailsServiceImpl implements UserDetailsService {

    private UserService userService;
    private Converter<User, UserDetails> userToUserDetailsConverter;

    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    @Autowired
    @Qualifier(value = "userToUserDetails")
    public void setUserUserDetailsConverter(Converter<User, UserDetails> userUserDetailsConverter) {
        this.userToUserDetailsConverter = userUserDetailsConverter;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return userToUserDetailsConverter.convert(userService.findByUsername(username));
    }
}

我的安全配置:

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().ignoringAntMatchers("/h2-console").disable()
            .authorizeRequests().antMatchers("/**/favicon.ico") .permitAll()
            .and().authorizeRequests().antMatchers("/webjars/**").permitAll()
            .and().authorizeRequests().antMatchers("/static/css").permitAll()
            .and().authorizeRequests().antMatchers("/js").permitAll()
            .and().formLogin().loginPage("/").permitAll()
            .and().formLogin().loginPage("/login").permitAll()
            .and().exceptionHandling().accessDeniedPage("/access_denied");
}

我的项目也可在https://github.com/eszikk/spring-security/tree/spring-security-database-permissions中找到。如果您有任何想法,请告诉我。 BR,

1 个答案:

答案 0 :(得分:1)

请求永远不会到达您的控制器,因为您的安全配置中不允许使用此路由。

您应该添加:

.antMatchers("/user/**").hasAnyAuthority("ROLE_ADMIN")

-OR -

.antMatchers("/user/**").hasAnyRole("ADMIN")

(请注意两种情况下的&#39; ROLE _&#39;前缀)。

或者,您可以添加全局

    .anyRequest().authenticated()

匹配器允许访问任何经过身份验证的用户的任何网址。然后,您可以使用控制器中的@PreAuthorize逻辑来微调访问。

&#39; .authorizeRequests()&#39; call允许链接,这意味着你可以这样做:

            .authorizeRequests()
            .antMatchers("/**/favicon.ico") .permitAll()
            .antMatchers("/webjars/**").permitAll()
            .antMatchers("/static/css").permitAll()
            .antMatchers("/js").permitAll()
            .anyRequest().authenticated()