我正在一个项目中实现Spring Security。我们正在使用休眠作为ORM。我遇到的问题是,尽管我们输入了正确的凭据,但是页面正在重定向到白色错误页面,显示Error: Argument 1 must be a data frame or a named atomic vector, not a lm。
角色和用户存储在数据库中。我也创建了一个CustomUserDetails类CustomUserDetails类。但是并没有任何理由说明它没有发生扭曲。
Access Is Deniedpublic class CustomUserDetals implements UserDetails {
@Autowired
private User user;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return user.getRole().stream().map(role-> new SimpleGrantedAuthority("ROLE_"+role))
.collect(Collectors.toList());
}
@Override
public String getPassword() {
// TODO Auto-generated method stub
return user.getPassword();
}
@Override
public String getUsername() {
// TODO Auto-generated method stub
return user.getUserName();
}
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return true;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(encodePwd());
}
@Bean
public BCryptPasswordEncoder encodePwd() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().antMatchers("/user/admin/").authenticated().anyRequest().hasAnyRole("superadmin").and()
.authorizeRequests().antMatchers("/user/welcome/").authenticated().anyRequest().hasAnyRole("user").and()
.authorizeRequests().antMatchers("/").authenticated().anyRequest().permitAll().and().formLogin()
.permitAll();
}
}
Service
@Transactional
public class CustomUserDetailsService implements UserDetailsService{
@Autowired
private UserRoleRepo repo;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user= repo.findUserWithUsername(username);
CustomUserDetals details= null;
if(user!= null) {
details= new CustomUserDetals();
details.setUser(user);
}else {
throw new UsernameNotFoundException("User Not Exist With Name"+ username);
}
return details;
}
}
@Override
public User findUserWithUsername(String username) {
Query query= getSession().createQuery(loadUserName);
query.setString(0, username);
User u= null;
Iterator<User> iterator= query.iterate();
while(iterator.hasNext()) {
u= iterator.next();
System.out.println(u.getUserName()+" "+u.getMobileNo()+" "+u.getRole().toString());
}
return u;
}
403-禁止
答案 0 :(得分:1)
在SecurityConfig的configure方法中,尝试以下操作:
http.csrf().disable()
.authorizeRequests()
.antMatchers("/user/admin/").hasRole("superadmin")
.antMatchers("/user/welcome/").hasAnyRole("user")
.antMatchers("/").permitAll()
.and()
.formLogin().permitAll();