Authentication: Access denied after successful Spring Security authentication with JDBC


After successful authentication, I am redirected to the access denied page.

WebSecurityContext

@Configuration
@EnableWebSecurity
public class WebSecurityContext extends WebSecurityConfigurerAdapter {

@Autowired
private UserDetailsService userDetailsService;

@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/admin/login").permitAll()
            .antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN", "ROLE_CONTRIBUTOR","ROLE_ROOT")
            .and()
            .formLogin().loginPage("/admin/login")
            .failureUrl("/admin/login/error")
            .successHandler(new SuccessfulAuthHandler())
            .loginProcessingUrl("/admin/login")
            .defaultSuccessUrl("/admin")
            .usernameParameter("username")
            .passwordParameter("password")
            .and()
            .logout().logoutSuccessUrl("/admin/login/logout");
}

@Bean(name = "passwordencoder")
public BCryptPasswordEncoder passwordEncoder(){
    return new BCryptPasswordEncoder(10);
}
Success handler

 @Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                    Authentication authentication) throws IOException {

    final HttpSession currentSession = request.getSession();
    final User user = userService.findByUsername(authentication.getName());
    final List<Object> jObj = new ArrayList<>();
    final List<Institution> institutions = institutionService.findAllByUserID(user.getId());

    for(Institution i : institutions){
        Map<String, Object> m = new HashMap<>();
        m.put("name", i.getName());
        m.put("id", i.getId());
        jObj.add(m);
    }

    currentSession.setAttribute("userInInstitution", jObj);
    currentSession.setAttribute("currentUser", user);

    String servlet = "";
    if(user.getRole() == ConstantsCommon.USER_ROLE_ADMIN){
        servlet = DashBoardController.URL;
        currentSession.setAttribute("dashboardServlet", servlet);
    }else{
        servlet = DashBoardController.URL;
        currentSession.setAttribute("dashboardServlet", servlet);
    }

    if(jObj.size() > 1){          
        currentSession.setAttribute("institution",institutions.get(0));
    }else{
        currentSession.setAttribute("institution",institutions.get(0));
    }

    RedirectStrategy r = new DefaultRedirectStrategy();
    r.sendRedirect(request,response, servlet);
}
Login HTML

<div class="container">
<div class="row">
    <div class="col-md-12">
        <div class="pr-wrap">
            <div class="pass-reset">
                <label>
                    Enter the email you signed up with</label>
                <input type="email" placeholder="Email" />
                <input type="submit" value="Submit" class="pass-reset-submit btn btn-success btn-sm" />
            </div>
        </div>
        <div class="wrap">
            <p class="form-title">Sign In</p>
            <form class="login" name="loginForm"  method='POST'>
                <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
                <input type="text" name="username" placeholder="Username"/>
                <input type="password" name="password" placeholder="Password"/>
                <input type="submit" name="submit" value="Sign In" class="btn btn-success btn-sm" />
                <div class="remember-forgot">
                    <div th:if="${error}" class="alert alert-danger notificationMsg" role="alert">
                        <span th:text="${error}"></span>
                    </div>
                    <div th:if="${msg}" class="alert alert-success notificationMsg" role="alert">
                        <span th:text="${msg}"></span>
                    </div>
                    <!--<div class=" forgot-pass-content">-->
                        <!--<a href="javascript:void(0)" class="forgot-pass">Forgot Password</a>-->
                    <!--</div>-->
                </div>
            </form>
        </div>
    </div>
</div>

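What am I doing wrong here? The user I'm logging in as has the role "ROLE_ADMIN". I also noticed that my success handler is not even being triggered, which suggests my authentication is not successful, but that can't be right, because the password and username are 100% correct.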

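Spring version 4.0.2

The URL I am calling is /admin/dashboard

Currently I am using the default 403 page generated by Tomcat for display, but I should see any page under the /admin/* path.

Are you sending the CSRF token in the login page?

Yes, I am @dur

Show your UserDetailsService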
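
An added example, not part of the original post or its comments: a variant of the asker's WebSecurityContext with two changes that follow from how Spring Security's Java configuration handles role names and success handlers. It assumes the UserDetailsService returns authorities named exactly ROLE_ADMIN, ROLE_CONTRIBUTOR and ROLE_ROOT, and that SuccessfulAuthHandler is in the same package.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Assumption: SuccessfulAuthHandler (the asker's class) is in this package.
@Configuration
@EnableWebSecurity
public class WebSecurityContext extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/login").permitAll()
                // hasAnyRole() prepends "ROLE_" to every argument, so
                // hasAnyRole("ROLE_ADMIN") tests for "ROLE_ROLE_ADMIN".
                // hasAnyAuthority() compares the strings unchanged.
                .antMatchers("/admin/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_CONTRIBUTOR", "ROLE_ROOT")
                .and()
            .formLogin().loginPage("/admin/login")
                .loginProcessingUrl("/admin/login")
                .failureUrl("/admin/login/error")
                .usernameParameter("username")
                .passwordParameter("password")
                // defaultSuccessUrl() installs its own success handler; calling it
                // after successHandler() replaces the custom one, so it is omitted.
                .successHandler(new SuccessfulAuthHandler())
                .and()
            .logout().logoutSuccessUrl("/admin/login/logout");
    }

    @Bean(name = "passwordencoder")
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(10);
    }
}
```

The same rule can be kept with hasAnyRole by passing the names without the prefix: hasAnyRole("ADMIN", "CONTRIBUTOR", "ROOT").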