Java Spring Security 4: access denied when roles are provided

The code was working fine. I have now replaced the code below in the security XML to provide role-based security, but access is denied with HTTP status 403.

Replaced

<intercept-url pattern="/inputcreate*" access="isAuthenticated()" />

with

<intercept-url pattern="/inputcreate*" access="hasAnyRole('admin','user')" />

Spring security XML:

<http use-expressions="true" auto-config="true">
    <!-- <intercept-url pattern="/inputcreate*" access="isAuthenticated()" /> -->
    <intercept-url pattern="/inputcreate*" access="hasAnyRole('admin','user')" />
    <form-login login-page="/login.html" default-target-url="/inputcreate.html"
        authentication-failure-url="/login.html" username-parameter="j_username"
        password-parameter="j_password" login-processing-url="/j_spring_security_check" />
    <logout logout-url="/j_spring_security_logout"
        logout-success-url="/index.html" />
</http>

1 answer

  1. # Answer 1

    Just changed

    <intercept-url pattern="/inputcreate*" access="hasAnyRole('admin','user')" />

    to

    <intercept-url pattern="/inputcreate*" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />

    After 3-4 hours of searching on Google, I made the above change, and it worked for me.

    The Spring documentation describes the "role prefix" here:

    public void setRolePrefix(String rolePrefix)
    Allows a default role prefix to be specified. If this is set to a non-empty value, then it is automatically prepended to any roles read in from the db. 
    This may for example be used to add the ROLE_ prefix expected to exist in role names (by default) by some other Spring Security classes, in the case that the prefix is not already present in the db.
    
            Parameters:
            rolePrefix - the new prefix
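
The prefix behaviour behind the answer's change, as an added example that is not part of the original post or of the Spring project: in Spring Security 4, `hasAnyRole` prepends the default `ROLE_` prefix to any argument that lacks it, while `hasAnyAuthority` compares the stored strings unchanged. It assumes spring-security-core 4.x on the classpath; the class name `RolePrefixCheck`, the users and their authority strings are constructed for illustration.

```java
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;

public class RolePrefixCheck {

    // SecurityExpressionRoot supplies the hasAnyRole()/hasAnyAuthority() methods
    // that an access="..." expression calls; an empty subclass is enough here.
    static SecurityExpressionRoot rootFor(String user, String... authorities) {
        Authentication auth = new TestingAuthenticationToken(user, "n/a", authorities);
        return new SecurityExpressionRoot(auth) { };
    }

    // Fails loudly if the library does not behave as this example claims.
    static void expect(String expression, boolean actual, boolean expected) {
        if (actual != expected) {
            throw new IllegalStateException(expression + " returned " + actual);
        }
        System.out.println(expression + " -> " + actual);
    }

    public static void main(String[] args) {
        // Constructed users: one stored with the ROLE_ prefix, one without it.
        SecurityExpressionRoot prefixed = rootFor("alice", "ROLE_ADMIN");
        SecurityExpressionRoot bare = rootFor("bob", "admin");

        // hasAnyRole prepends "ROLE_" to any argument that lacks it, so 'admin'
        // is looked up as ROLE_admin; the comparison is case-sensitive.
        expect("alice hasAnyRole('admin','user')",
                prefixed.hasAnyRole("admin", "user"), false);
        // Arguments already starting with ROLE_ are used unchanged (the answer's fix).
        expect("alice hasAnyRole('ROLE_ADMIN','ROLE_USER')",
                prefixed.hasAnyRole("ROLE_ADMIN", "ROLE_USER"), true);
        // Equivalent short form: the prefix is added automatically.
        expect("alice hasAnyRole('ADMIN','USER')",
                prefixed.hasAnyRole("ADMIN", "USER"), true);

        // Authorities stored without the prefix do not satisfy hasAnyRole
        // under the default prefix ...
        expect("bob hasAnyRole('admin','user')",
                bare.hasAnyRole("admin", "user"), false);
        // ... but hasAnyAuthority compares the strings exactly as stored.
        expect("bob hasAnyAuthority('admin','user')",
                bare.hasAnyAuthority("admin", "user"), true);
    }
}
```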