在我的应用程序中,我试图向管理员用户授予“/ user / **”权限和“/ admin / **”权限,但我收到403错误。
我正在使用spring boot 1.5.3
安全配置类:
@echo off
cls
cd C:/Users/surafel911/Documents/Coding/Projects/Engines/Test/
@echo on
gcc -o bin/debug/main code/main.c code/src/*.c -g -Werror -std=c11 ^
-
IC:/Users/surafel911/Documents/Coding/Projects/Engines/Test/external/include
^
-LC:/Users/surafel911/Documents/Coding/Projects/Engines/Test/external/lib ^
-lmingw32 -lopengl32 -lkernel32 -luser32 -lgdi32 -lcomdlg32 -lglfw3
@echo off
cd C:/Users/surafel911/Documents/Coding/Projects/Engines/Test/build/
Authencation provider class:
package com.alokpanda.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@Order(1)
public class WebSecurityConfigure extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationProvider authenticationProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(authenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/login", "/logout").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/user/**").hasRole("USER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/login")
.failureUrl("/")
.and()
.logout()
//.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.and()
.csrf()
.disable();
}
}
UserDetailsService类:
package com.alokpanda.security.impl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import com.alokpanda.security.service.CustomUserDetailsService;
@Service
public class AuthenticationProviderImpl extends AbstractUserDetailsAuthenticationProvider {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken token)
throws AuthenticationException {
System.out.println(userDetails.getUsername());
System.out.println(userDetails.getPassword());
System.out.println(token.getCredentials());
System.out.println(token.getCredentials().equals(userDetails.getPassword()));
System.out.println(userDetails.getAuthorities());
if(userDetails.getUsername() == null || token.getCredentials() == null) {
throw new BadCredentialsException("Credential may not be null.");
}
if(!token.getCredentials().equals(userDetails.getPassword())) {
System.out.println("Err");
throw new BadCredentialsException("Invalid Credentials.");
}
}
@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token)
throws AuthenticationException {
UserDetails userDetails = customUserDetailsService.loadUserByUsername(username);
return userDetails;
}
}
答案 0 :(得分:1)
默认情况下,spring security会为您的角色添加ROLE_前缀。
将角色保存在您的数据库中ROLE_USER和ROLE_ADMIN。