0
我使用的是spring 4.3.10.RELEASE和spring-security 4.2.3.RELEASE
當我嘗試打開/ admin成功認證後,我得到403,但我已經全部需要有關部門,看看tomcat日誌。春季安全認證成功後返回HTTP 403
我的安全配置:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated().and()
.formLogin().loginPage("/login").failureUrl("/login?error").permitAll().and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout")
.invalidateHttpSession(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).and()
.csrf().and()
.exceptionHandling().accessDeniedPage("/403");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.passwordEncoder(passwordEncoder())
.usersByUsernameQuery("SELECT username, password, enabled FROM app_user WHERE username = ?")
.authoritiesByUsernameQuery("SELECT username, role FROM app_user_role WHERE username = ?");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
public void setDataSource(DataSource dataSource) {
this.dataSource = dataSource;
}
我的Tomcat的日誌:
2017-07-28 14:18:15 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/admin'; against '/resources/**'
2017-07-28 14:18:15 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/admin'; against '/admin/**'
2017-07-28 14:18:15 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /admin; Attributes: [hasRole('ROLE_ADMIN')]
2017-07-28 14:18:15 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframew[email protected]f9ea146f: Principal: [email protected]: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN,USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenti[email protected]: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 9F780DC552AED23804184D55F3F9BF0D; Granted Authorities: ADMIN, USER
2017-07-28 14:18:15 DEBUG AffirmativeBased:66 - Voter: org.sp[email protected]6e6a7061, returned: -1
2017-07-28 14:18:15 DEBUG ExceptionTranslationFilter:185 - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)