Spring安全总是返回403

时间:2018-03-07 10:17:40

标签: spring spring-security

有人可以告诉我为什么这段代码总是返回403?

我映射/登录以触发安全登录,但它无法正常工作。

package esercizio.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("q@q").password("pluto").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
        .antMatchers("/**").anonymous()
        .antMatchers("/auth/**").hasRole("USER")
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .loginPage("/login.jsp")
        .defaultSuccessUrl("/auth/list-student")
        .failureUrl("/errorPage")
        .and()
        .logout().logoutSuccessUrl("/login.jsp");
    }
}

如果网址不以/ auth开头,它应该允许任何人进入,我不知道它为什么不会发生。

1 个答案:

答案 0 :(得分:-1)

我认为,你必须在ROLE_USER这样的权限之前加上'ROLE_'。

更多访问:

Spring Security always return the 403 accessDeniedPage after login

相关问题
最新问题