我无法使Spring Security工作。我用security:user-service测试了我的应用程序,它运行得非常好。但是,当我更换
<security:user-service>
<security:user name="XX" password="XX" authorities="ROLE_EDITOR" />
</security:user-service>
与
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT name as username, password, 1 as enabled FROM cuser WHERE name=?;"
authorities-by-username-query="SELECT u.name as username, r.name as authority FROM cuser u join cuserrole ur on ur.iduser=u.id join crole r on r.id=ur.idrole where u.name=?;" />
</security:authentication-provider>
</security:authentication-manager>
我再也无法工作了。继续从服务器获得403响应。我在我的数据库上运行查询并返回预期值。
我也无法进行日志记录工作,所以我发现很难调试幕后真正发生的事情。 我确实在SO上读过类似的问题
How do I enable logging for Spring Security?
Debugging Spring configuration
尝试解决方案坚果仍然记录不起作用。如果有人有任何想法,你的帮助是值得的。
答案 0 :(得分:0)
不敢相信..
Spring需要ROLE_前缀才能使安全性发挥作用。因此我得到了403.
答案 1 :(得分:0)
类RoleVoter有一个属性rolePrefix
public class RoleVoter implements AccessDecisionVoter<Object> {
// ~ Instance fields
// ================================================================================================
private String rolePrefix = "ROLE_";
// ~ Methods
// ========================================================================================================
public String getRolePrefix() {
return rolePrefix;
}
/**
* Allows the default role prefix of <code>ROLE_</code> to be overridden. May be set
* to an empty value, although this is usually not desirable.
*
* @param rolePrefix the new prefix
*/
public void setRolePrefix(String rolePrefix) {
this.rolePrefix = rolePrefix;
}
因此,您可以在RoleVoter中设置此属性,然后设置为AccessDecissionManager并将其配置为spring security http配置中的access-decission-manager-ref