HTTP状态[403]。 Spring MVC和Apache Tomcat 8.5.15

时间:2017-05-29 10:11:45

标签: java spring tomcat spring-security

我的问题是授权被拒绝。在服务器上部署WAR文件后出现了这个问题。我可以登录,但无法进入仅限ROLE_USER/ROLE_ADMIN角色访问的用户面板。我在localhost上测试过我的应用程序,没有出现授权问题。我已将整个数据库从本地导入到服务器数据库(我使用MySQL)。

这是错误:

enter image description here

这是我的代码:

/**
 * Spring Security configuration: URL access rules for the admin and user areas,
 * form login, logout, and a BCrypt-backed {@link UserDetailsService} for authentication.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
@ComponentScan(basePackageClasses = UserDetailsServiceImpl.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Declares the HTTP security rules.
     *
     * @param http the builder the rules are registered on
     * @throws Exception if any configurer rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off for the whole application, including the
        // form login and every state-changing request under /admin/** and /user/**. Unless all
        // clients are non-browser callers, consider leaving it on and adding the token to the forms.
        http.csrf().disable();

        // Only these two path prefixes carry a URL rule; no catch-all (anyRequest) rule is declared
        // here, so other paths are not restricted by this method.
        http.authorizeRequests()
            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
            .antMatchers("/user/**").access("hasRole('ROLE_USER')");

        http.logout()
            .logoutSuccessUrl("/homepage")
            .logoutUrl("/logout");

        http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/homepage");

        // No access-denied page or entry point is customised here.
        http.exceptionHandling();
    }

    /**
     * Wires the injected {@link UserDetailsService} and the password encoder into the
     * authentication manager.
     *
     * @param auth the authentication manager builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Provides the encoder used to verify stored password hashes.
     *
     * @return a new {@link BCryptPasswordEncoder} with its default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

/**
 * Controller for the admin area. Method security limits every handler in this class to
 * callers holding the {@code ROLE_ADMIN} authority.
 */
@Controller
@Secured("ROLE_ADMIN")
@RequestMapping("/admin")
public class AdminController {

    @Autowired
    private UserService userService;

    @Autowired
    private UserRoleService userRoleService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Renders the admin start page with the current user's name and the list of users.
     *
     * @param model view model that receives the {@code username} and {@code userlist} attributes
     * @return the logical view name {@code admin/start}
     */
    @RequestMapping(method = RequestMethod.GET)
    public String start(Model model) {
        final String currentUser =
            SecurityContextHolder.getContext().getAuthentication().getName();
        model.addAttribute("username", currentUser);

        // NOTE(review): the element type returned by getListOfUsers() is not visible here; if it
        // is the persistent user entity, make sure the view does not render password hashes.
        model.addAttribute("userlist", userService.getListOfUsers());

        return "admin/start";
    }
}

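/**
 * Loads application users through {@link UserDAO} and adapts them to Spring Security's
 * {@link UserDetails} contract.
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserDAO userDAO;

    /**
     * Looks up a user by name and builds the Spring Security principal for it.
     *
     * <p>The enabled, non-expired, credentials-non-expired and non-locked flags are all derived
     * from the single check "status is {@code UserStatus.ACTIVE}".
     *
     * @param username the login name submitted by the client
     * @return the principal carrying the stored password hash and one authority per role
     * @throws UsernameNotFoundException if the DAO returns no user for {@code username}
     */
    @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userDAO.findByUsername(username);
        if (user == null) {
            // The format specifier must be %s: with %d and a String argument, String.format throws
            // IllegalFormatConversionException before UsernameNotFoundException is even created,
            // so an unknown username would surface as an unexpected failure instead of the
            // documented exception, and the login flow may then respond differently for unknown
            // usernames than for wrong passwords.
            throw new UsernameNotFoundException(String.format("User not found:  %1$s", username));
        }

        // Constant on the left so a user row without a status is treated as inactive
        // rather than failing with a NullPointerException.
        boolean active = UserStatus.ACTIVE.equals(user.getStatus());

        // Authority strings are taken verbatim from the stored role, so they must match the
        // names used by the access rules (for example ROLE_ADMIN) exactly.
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        for (Role role : user.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role.getRole()));
        }

        return new org.springframework.security.core.userdetails.User(
            user.getUsername(),
            user.getPassword(),
            active, // enabled
            active, // accountNonExpired
            active, // credentialsNonExpired
            active, // accountNonLocked
            authorities);
    }
}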

0 个答案:

没有答案