0
http.authorizeRequests().antMatchers("/dms**").access("hasAnyRole('admin','dms')");
用戶應該具有admin或dms角色導航到該頁面。 我以管理員身份登錄。雖然角色正確提供了彈簧安全授權
從日誌中我可以看到角色的匹配正確(數據庫角色和登錄的用戶角色)
Granted Authorities: admin
但我仍然可以看到訪問被拒絕。任何線索? 這裏完整的日誌
2016-11-10 16:41:46 DEBUG AntPathRequestMatcher:157 - Checking match of
request : '/dms.jsp'; against '/dms**'
2016-11-10 16:41:46 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /dms.jsp; Attributes: [hasAnyRole('admin','dms')]
2016-11-10 16:41:46 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframew[email protected]9546: Principal: [email protected]: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: admin; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: LVXYO0lvcLRvJFcH9pJO_kO2R5B7ha4LLm3DwZ7m; Granted Authorities: admin
2016-11-10 16:41:46 DEBUG AffirmativeBased:66 - Voter: org.sp[email protected]7ade02ad, returned: -1
2016-11-10 16:41:46 DEBUG ExceptionTranslationFilter:186 - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)