Spring Security returns HTTP 403 after successful authentication

Time: 2017-07-28 11:39:32

Tags: java spring spring-mvc spring-security

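I am using Spring 4.3.10.RELEASE and Spring Security 4.2.3.RELEASE.
When I try to open /admin after successful authentication, I get a 403, but I have all the required authorities; please see the Tomcat log.

My security configuration: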

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private DataSource dataSource;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/resources/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated().and()
                .formLogin().loginPage("/login").failureUrl("/login?error").permitAll().and()
                .logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout")
                .invalidateHttpSession(true)
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).and()
                .csrf().and()
                .exceptionHandling().accessDeniedPage("/403");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .passwordEncoder(passwordEncoder())
                .usersByUsernameQuery("SELECT username, password, enabled FROM app_user WHERE username = ?")
                .authoritiesByUsernameQuery("SELECT username, role FROM app_user_role WHERE username = ?");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void setDataSource(DataSource dataSource) {
        this.dataSource = dataSource;
    }
}

My Tomcat log:

2017-07-28 14:18:15 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/admin'; against '/resources/**'
2017-07-28 14:18:15 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/admin'; against '/admin/**'
2017-07-28 14:18:15 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /admin; Attributes: [hasRole('ROLE_ADMIN')]
2017-07-28 14:18:15 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@f9ea146f: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN,USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 9F780DC552AED23804184D55F3F9BF0D; Granted Authorities: ADMIN, USER
2017-07-28 14:18:15 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6e6a7061, returned: -1
2017-07-28 14:18:15 DEBUG ExceptionTranslationFilter:185 - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)

1 answer:

Answer 0: (score: 0)

Solved! The key is the prefix "ROLE_"
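The prefix behaviour the answer refers to, as an added example that is not part of the original post: it evaluates `hasRole("ADMIN")` and `hasAuthority("ADMIN")` against the authorities shown in the question's log and against prefixed ones. The class name `RolePrefixDemo` and the helper `check` are hypothetical; it assumes spring-security-core 4.2.x on the classpath.

```java
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Added illustration (hypothetical class, not code from the question or answer).
public class RolePrefixDemo {

    // Builds an authenticated token with the given authority strings and runs
    // the two expression checks that can guard "/admin/**".
    static boolean[] check(String... authorities) {
        Authentication auth = new UsernamePasswordAuthenticationToken(
                "admin", "n/a", AuthorityUtils.createAuthorityList(authorities));
        // SecurityExpressionRoot is abstract but has no abstract methods,
        // so an empty anonymous subclass is enough to call its checks.
        SecurityExpressionRoot root = new SecurityExpressionRoot(auth) { };
        return new boolean[] {
            root.hasRole("ADMIN"),      // looks for the authority "ROLE_ADMIN"
            root.hasAuthority("ADMIN")  // looks for the exact string "ADMIN"
        };
    }

    static void report(String label, boolean[] result) {
        System.out.printf("%-22s hasRole(\"ADMIN\")=%b  hasAuthority(\"ADMIN\")=%b%n",
                label, result[0], result[1]);
    }

    public static void main(String[] args) {
        // Constructed input: the authorities exactly as they appear in the
        // question's log ("Granted Authorities: ADMIN,USER").
        report("[ADMIN, USER]", check("ADMIN", "USER"));

        // Constructed input: the same roles stored with the default prefix.
        report("[ROLE_ADMIN, ROLE_USER]", check("ROLE_ADMIN", "ROLE_USER"));
    }
}
```

On the configuration side this maps to storing the role values in `app_user_role` with the `ROLE_` prefix, calling `.rolePrefix("ROLE_")` on `jdbcAuthentication()`, or keeping the unprefixed values and matching them with `.hasAuthority("ADMIN")` instead of `.hasRole("ADMIN")`.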
