配置Http安全性

时间:2018-01-07 00:26:08

标签: java spring security https

我有这个网址,我已经给了角色USER但我无法访问,目前经过身份验证的校长是用户

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().
                antMatchers(PUBLIC_MATCHERS).permitAll().
                antMatchers("/bookDetail/**").hasRole("USER").
                antMatchers("/listOfCreditCards/**").hasRole("USER").
                antMatchers("/shoppingCart/addItem/**").hasRole("USER").
                and().formLogin();

        http
                .csrf().disable().cors().disable()
                .formLogin().failureUrl("/login?error")
                .defaultSuccessUrl("/")
                .loginPage("/login").permitAll()
                .and()
                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/?logout").deleteCookies("remember-me").permitAll()
                .and()
                .rememberMe();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        GrantedAuthority authority = new SimpleGrantedAuthority("USER");
        UserDetails userDetails = (UserDetails) new User("V", "A", Arrays.asList(authority));
        return new InMemoryUserDetailsManager(Arrays.asList(userDetails));
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("V").password("A").roles("USER");

我得到了这个输出-status":403,"错误":"禁止","消息":"访问被拒绝&# 34; 关于我应该检查什么以及没有堆栈跟踪的任何建议

1 个答案:

答案 0 :(得分:1)

代码中唯一授权任何页面的行是:

antMatchers(PUBLIC_MATCHERS).permitAll()

如果这不是您的登录页面,您将无法访问它,因为您尚未授予其权限。您可能需要以下内容:

http.authorizeRequests().
 antMatchers(PUBLIC_MATCHERS).permitAll(). 
 antMatchers("/bookDetail/**").hasRole("USER").
 antMatchers("/listOfCreditCards/**").hasRole("USER").
 antMatchers("/shoppingCart/addItem/**").hasRole("USER").
.and()
.formLogin().loginPage("/loginPage").permitAll()
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/home")
.failureUrl("/loginPage?error")
.and()
.logout()
.permitAll()
.logoutSuccessUrl("/loginPage?logout")
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedPage("/accessDenied");
相关问题
最新问题