java – @Secured函数获取授权用户的拒绝访问权限
发布时间:2020-12-15 02:51:09 所属栏目:Java 来源:网络整理
导读:我已经按照很多线程将 Spring Security实现到我的rest API.最初我被卡在@Secured注释被忽略,现在我已经解决了,我被困在获得拒绝访问. 感觉像我的问题听起来非常相似:@secured with granted authorities throws access denied exception – 但我仍然被拒绝访
我已经按照很多线程将
Spring Security实现到我的rest API.最初我被卡在@Secured注释被忽略,现在我已经解决了,我被困在获得拒绝访问.
感觉像我的问题听起来非常相似:@secured with granted authorities throws access denied exception – 但我仍然被拒绝访问. 这是我的设置: 弹簧security.xml文件 <authentication-manager> <authentication-provider user-service-ref="userDetailsService"> <password-encoder ref="passwordEncoder" /> </authentication-provider> </authentication-manager> <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.PlaintextPasswordEncoder"/> <user-service id="userDetailsService"> <user name="john" password="john1" authorities="ROLE_USER,ROLE_ADMIN" /> <user name="jane" password="jane1" authorities="ROLE_USER" /> <user name="apiuser" password="apiuser" authorities="PERMISSION_TEST" /> </user-service> 控制器: @Controller @RequestMapping("/secure") public class SecureController { private static final Logger logger = Logger.getLogger(SecureController.class); @Secured("PERMISSION_TEST") @RequestMapping(value = "/makeRequest",method = RequestMethod.GET) @ResponseBody public SimpleDTO executeSecureCall() { logger.debug("[executeSecureCall] Received request to a secure method"); SimpleDTO dto = new SimpleDTO(); dto.setStringVariable("You are authorized!"); return dto; } } 现在 – 没有正确的 <security:global-method-security secured-annotations="enabled"/> 我的请求通过(这是因为@Secured注释被忽略).当我把它放入并使用“apiuser”/“apiuser”访问它时,我一直拒绝访问,调试日志: 11:42:43,899 [http-apr-8080-exec-4] DEBUG MethodSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@cc12af5d: Principal: org.springframework.security.core.userdetails.User@d059c8e5: Username: apiuser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: PERMISSION_TEST; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: PERMISSION_TEST 11:42:43,899 [http-apr-8080-exec-4] DEBUG AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@2a9a42ef,returned: 0 11:42:43,900 [http-apr-8080-exec-4] DEBUG AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@75a06ec2,returned: 0 11:42:43,902 [http-apr-8080-exec-4] DEBUG AnnotationMethodHandlerExceptionResolver - Resolving exception from handler [com.test.webapp.spring.controller.SecureController@342d150f]: org.springframework.security.access.AccessDeniedException: Access is denied 11:42:43,905 [http-apr-8080-exec-4] DEBUG ResponseStatusExceptionResolver - Resolving exception from handler [com.test.webapp.spring.controller.SecureController@342d150f]: org.springframework.security.access.AccessDeniedException: Access is denied 11:42:43,906 [http-apr-8080-exec-4] DEBUG DefaultHandlerExceptionResolver - Resolving exception from handler [com.test.webapp.spring.controller.SecureController@342d150f]: org.springframework.security.access.AccessDeniedException: Access is denied 11:42:43,909 [http-apr-8080-exec-4] DEBUG DispatcherServlet - Could not complete request org.springframework.security.access.AccessDeniedException: Access is denied 思考? 提前致谢! 解决方法
我记得@Secured注释只适用于默认情况下以ROLE_开头的角色名称.
您可以切换到@PreAuthorize(“hasAuthority(‘PERMISSION_TEST’)”)(使用pre-post-annotations =“enabled”)或重命名您的角色. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容
- 直接Java / Groovy与ETL工具(Talend / etc) – 您将使用哪些
- java – 使用Spring Data Rest公开集合??上的超媒体链接,即
- maven的生命周期及常用命令介绍
- 【JVM从小白学成大佬】4.Java虚拟机何谓垃圾及垃圾回收算法
- java md5工具类
- java – 如何让两个客户端互相聊天?
- JDBC连接SQL Server数据库出现“通过端口 1433 连接到主机
- Java UTF-8编码未设置为URLConnection
- 将Annotation作为超级接口时,java – @SuppressWarnings的值
- java – 用于检查非null而非空的Lombok构建器