I am using Spring Security in Spring Boot. This is my authorization configuration:

    @Configuration
    @EnableAutoConfiguration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        BCryptPasswordEncoder bCryptPasswordEncoder;

        @Autowired
        DataSource dataSource;

        @Autowired
        public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
            auth.jdbcAuthentication()
                .dataSource(dataSource)
                .passwordEncoder(bCryptPasswordEncoder)
                .usersByUsernameQuery("select username,password,enable from user where username=?")
                .authoritiesByUsernameQuery("SELECT username,sys_role "
                    + " FROM user join user_sys_role on user.id=user_sys_role.user_id"
                    + " where username=?");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .antMatchers("/registeration").permitAll()
                .antMatchers("/").hasRole("USER")
                .anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll()
                .and().logout().permitAll();
            http.exceptionHandling().accessDeniedPage("/403");
            http.formLogin().defaultSuccessUrl("/", true);
        }

        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
            return bCryptPasswordEncoder;
        }
    }

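It simply says to navigate to the page "/" after a successful login:

    http.formLogin().defaultSuccessUrl("/", true);

However, it gives me a 404 error. I am sure that I have /

I double-checked my console, and the real error is:

    org.springframework.security.access.AccessDeniedException: Access is denied
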
Update

The user class is:

    @Data
    @Entity
    @NoArgsConstructor
    public class User {
        @ElementCollection
        @Enumerated(EnumType.STRING)
        Collection<SystemRole> sysRole=EnumSet.of(SystemRole.USER);

and then

    public enum SystemRole {
        ADMIN,ORGANIZER,USER
    }
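
Added example, not part of the original post: in Spring Security, `hasRole("USER")` matches the authority string `ROLE_USER`, while `jdbcAuthentication()` uses the value returned by `authoritiesByUsernameQuery` as the authority with no prefix by default. The program below compares both spellings using Spring Security's own authorization manager. It assumes spring-security-core 5.5 to 5.8 on the classpath and that the `sys_role` column holds the enum name; the class name `RolePrefixCheck` and the user `alice` are made up.

```java
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.core.Authentication;

public class RolePrefixCheck {

    // True when the rule grants access to the given (already authenticated) user.
    static boolean granted(AuthorityAuthorizationManager<Object> rule, Authentication auth) {
        return rule.check(() -> auth, new Object()).isGranted();
    }

    public static void main(String[] args) {
        // Constructed sample users. "USER" is the assumed sys_role value,
        // taken from the SystemRole enum stored with EnumType.STRING.
        Authentication rawFromDb = new TestingAuthenticationToken("alice", "n/a", "USER");
        Authentication prefixed = new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");

        // The rule used in configure(): .antMatchers("/").hasRole("USER")
        AuthorityAuthorizationManager<Object> hasRole =
                AuthorityAuthorizationManager.hasRole("USER");
        // The same check without the automatic "ROLE_" prefix
        AuthorityAuthorizationManager<Object> hasAuthority =
                AuthorityAuthorizationManager.hasAuthority("USER");

        System.out.println("hasRole(USER)      vs authority USER      -> "
                + granted(hasRole, rawFromDb));
        System.out.println("hasRole(USER)      vs authority ROLE_USER -> "
                + granted(hasRole, prefixed));
        System.out.println("hasAuthority(USER) vs authority USER      -> "
                + granted(hasAuthority, rawFromDb));

        // Two ways to make the rule and the stored value agree in SecurityConfig:
        //   auth.jdbcAuthentication().rolePrefix("ROLE_")   // prefix authorities on load
        //   .antMatchers("/").hasAuthority("USER")          // or compare the raw value
    }
}
```

A denied request is sent to the configured `accessDeniedPage("/403")`; if no handler is mapped for `/403` (an assumption, since the post does not show the controllers), the browser sees a 404 while the console logs the `AccessDeniedException`.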