我在Spring Boot中安全性配置的以下代码段可进行身份验证,但未经授权。 您能帮忙指出错误吗?
Securityconfig.java
package com.vaidiksanatansewa.guruji.security;
import javax.sql.DataSource;
import com.vaidiksanatansewa.guruji.service.UserloginService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, IF(status=1, true, false) as enabled from users where username=? and status=1 ")
.authoritiesByUsernameQuery("select users.username as username, user_role.role as authority from users inner join user_role on users.role_fid=user_role.id where users.username=? and users.status=1");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers( "/appointment/**").permitAll()
.antMatchers("/user").hasRole("USER")
.and()
.formLogin().permitAll()
.and()
.csrf().disable();
}
}
我已将相应的控制器功能注释为@Secured(value={"USER"})
但是,当我尝试访问时,仍然显示There was an unexpected error (type=Forbidden, status=403).
Access is denied
有人可以给我看看一些灯光吗?