Spring Security hasRole()给出错误403-访问被拒绝 [英] Spring security hasRole() giving Error 403 - Access is denied
问题描述
我正在尝试查看仅管理员可以查看的特定页面,但是每次发出请求时都会出现错误.它似乎与我的安全上下文文件中的hasRole()一起存在.
I am trying to view a specific page that only the admin can view but I am getting an error every time I make the request. It appears to be with the hasRole() in my security-context file.
错误仅显示HTTP状态403-当我发出查看admin jsp页面的请求时,访问被拒绝
The error just says HTTP Status 403 - Access is denied when I make the request to see the admin jsp page
security-context.xml:
security-context.xml:
<security:http use-expressions="true">
<security:intercept-url pattern="/admin" access="hasAnyRole('admin')" />
<security:form-login login-page="/login"
authentication-failure-url="/login?error=true" />
<security:logout logout-success-url="/loogedout" />
<security:intercept-url pattern="/createoffer" access="isAuthenticated()" />
<security:intercept-url pattern="/docreate" access="isAuthenticated()" />
<security:intercept-url pattern="/offercreated" access="isAuthenticated()" />
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/loggedout" access="permitAll" />
<security:intercept-url pattern="/newaccount" access="permitAll" />
<security:intercept-url pattern="/createaccount" access="permitAll" />
<security:intercept-url pattern="/accountcreated" access="permitAll" />
<security:intercept-url pattern="/static/**" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/offers" access="permitAll" />
<security:intercept-url pattern="/**" access="denyAll" />
</security:http>
我数据库中的两个表是用户(用户名,电子邮件,已启用,密码)和权限(用户名,权限).
My two tables in my database are a user(username, email, enabled, password) and authorities(username, authority).
谁能建议我是什么错误或如何解决?
Could anyone suggest what my error is or how to fix it?
推荐答案
默认情况下,spring添加了ROLE_前缀,因此,将hasAnyRole('admin')更改为hasAnyRole('ROLE_admin')应该可以解决该错误,除非您具有自定义实现.
by default spring added ROLE_ prefix so changing hasAnyRole('admin') to hasAnyRole('ROLE_admin') should fix the error, unless you have custom implementation.
参考:
