Spring安全授权无法正常工作,尽管正确提供了角色
Spring安全授权无法正常工作,尽管正确提供了角色
提问于 2016-11-10 19:24:52
http.authorizeRequests().antMatchers("/dms**").access("hasAnyRole('admin','dms')");用户应具有管理员或dms角色才能导航到该页面。我以管理员身份登录。
从日志中,我可以看到角色正确匹配(数据库角色和登录用户角色)
Granted Authorities: admin但我仍然可以看到访问被拒绝。有什么线索吗?完整的日志在这里
2016-11-10 16:41:46 DEBUG AntPathRequestMatcher:157 - Checking match of
request : '/dms.jsp'; against '/dms**'
2016-11-10 16:41:46 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /dms.jsp; Attributes: [hasAnyRole('admin','dms')]
2016-11-10 16:41:46 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9546: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: admin; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: LVXYO0lvcLRvJFcH9pJO_kO2R5B7ha4LLm3DwZ7m; Granted Authorities: admin
2016-11-10 16:41:46 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7ade02ad, returned: -1
2016-11-10 16:41:46 DEBUG ExceptionTranslationFilter:186 - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)回答 1
Stack Overflow用户
发布于 2016-11-10 20:17:09
只需在可用角色前添加“ROLE_”即可解决此问题。不确定为什么spring不允许自己的角色
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/40526445
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号