认证后重定向到白电平错误页面

Question

我正在一个项目中实现Spring Security。我们正在使用休眠作为ORM。我遇到的问题是，尽管我们输入了正确的凭据，但是页面正在重定向到白色错误页面，显示Error: Argument 1 must be a data frame or a named atomic vector, not a lm。

角色和用户存储在数据库中。我也创建了一个CustomUserDetails类CustomUserDetails类。但是并没有任何理由说明它没有发生扭曲。

CustomUserDetails

Access Is Denied

SeccrityConfig

public class CustomUserDetals implements UserDetails {

    @Autowired
    private User user;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {

        return user.getRole().stream().map(role-> new SimpleGrantedAuthority("ROLE_"+role))
                .collect(Collectors.toList());
    }

    @Override
    public String getPassword() {
        // TODO Auto-generated method stub
        return user.getPassword();
    }

    @Override
    public String getUsername() {
        // TODO Auto-generated method stub
        return user.getUserName();
    }

    @Override
    public boolean isAccountNonExpired() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isEnabled() {
        // TODO Auto-generated method stub
        return true;
    }

    public User getUser() {
        return user;
    }

    public void setUser(User user) {
        this.user = user;
    }

}

CustomUserDetailsS​​ervice

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(userDetailsService).passwordEncoder(encodePwd());
    }



    @Bean
    public BCryptPasswordEncoder encodePwd() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {


        http.csrf().disable();
        http.authorizeRequests().antMatchers("/user/admin/").authenticated().anyRequest().hasAnyRole("superadmin").and()
                .authorizeRequests().antMatchers("/user/welcome/").authenticated().anyRequest().hasAnyRole("user").and()
                .authorizeRequests().antMatchers("/").authenticated().anyRequest().permitAll().and().formLogin()
                .permitAll();



    }

}

RepositoryMethod

Service
@Transactional
public class CustomUserDetailsService implements UserDetailsService{

    @Autowired
    private UserRoleRepo repo;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        User user= repo.findUserWithUsername(username);
        CustomUserDetals details= null;

        if(user!= null) {
            details= new CustomUserDetals();
            details.setUser(user);
        }else {
            throw new UsernameNotFoundException("User Not Exist With Name"+ username);
        }

        return details;
    }


}

控制器

@Override
    public User findUserWithUsername(String username) {

        Query query= getSession().createQuery(loadUserName);
        query.setString(0, username);
        User u= null;

        Iterator<User> iterator= query.iterate();

        while(iterator.hasNext()) {
            u= iterator.next();
            System.out.println(u.getUserName()+" "+u.getMobileNo()+" "+u.getRole().toString());
        }

        return u;

    }

403-禁止

Answer 1

在SecurityConfig的configure方法中，尝试以下操作：

http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/user/admin/").hasRole("superadmin")
            .antMatchers("/user/welcome/").hasAnyRole("user")
            .antMatchers("/").permitAll()
            .and()
            .formLogin().permitAll();