Java 问题:Spring自定义登录返回403拒绝访问页面
在输入正确的凭据后,我获得403拒绝访问页面。以下是一些重要文件。
标签:java, spring, spring-mvc, spring-security
Spring-Security.xml:
<!--
  HTTP security rules for the application. use-expressions="true" means each
  access attribute below is evaluated as a security expression.
-->
<security:http auto-config="true" use-expressions="true">
<!--
  The only URL rule in this element: the add-industry form requires the
  Recruiter role. No other path is restricted here.
  NOTE(review): where Spring Security applies its default role prefix,
  hasRole('Recruiter') is checked against an authority named ROLE_Recruiter.
  The authority names produced by the user service must match that name, or an
  authenticated user is rejected with 403. Confirm against the version in use.
-->
<security:intercept-url pattern="/manageIndustry/viewAddIndustryForm"
access="hasRole('Recruiter')" />
<!--
  Form login. authentication-failure-url is where a failed login is sent;
  despite its name, "/accessdenied" is not an access-denied (403) page, and no
  access-denied handler is configured in this element.
  always-use-default-target="false": after a successful login the user is sent
  back to the protected URL originally requested, if there was one, and to
  default-target-url otherwise.
-->
<security:form-login login-page="/login/"
default-target-url="/userpage/"
authentication-failure-url="/accessdenied"
username-parameter="emailId"
password-parameter="userPassword"
login-processing-url="/j_spring_security_check"
always-use-default-target="false" />
<!-- Logging out invalidates the HTTP session. -->
<security:logout invalidate-session="true" />
<!--
  CSRF protection is enabled: state-changing requests, including the login
  POST, must carry the CSRF token or they are rejected.
  NOTE(review): the login form is not shown here; confirm it submits the token.
-->
<security:csrf />
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="LoginService">
</security:authentication-provider>
打开 http://localhost:8080/JobPortal/login 并输入正确的凭据后,它会根据 default-target-url="/userpage/" 以及登录控制器中的处理,将我重定向到 addIndustry 页面。
和代码
但是当我尝试不登录直接访问addIndustry页面时,即http://localhost:8080/JobPortal/manageIndustry/viewAddIndustryForm
它会根据Spring Security.xml中的配置打开登录页面
,但即使提供了正确的凭据,我仍会获得HTTP状态403-访问被拒绝
任何帮助都将不胜感激
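谢谢。
您使用的是哪个版本的 Spring Security?据我所知,在旧版本中,您必须在用户角色中添加前缀“ROLE_”(如果 hasRole('Recruiter') 实际匹配的是名为 ROLE_Recruiter 的权限,而授予用户的权限名只是 Recruiter,那么即使登录成功,访问受保护的 URL 也会得到 403),因此在 buildSimpleGrantedAuthority 中,您应该执行以下操作: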
/**
 * Builds the granted authorities for a user from the user's single role.
 *
 * <p>The authority name is the literal prefix {@code "ROLE_"} followed by the
 * role name, so a role named {@code Recruiter} becomes {@code ROLE_Recruiter}.
 * A user without a role gets an empty list.
 *
 * <p>NOTE(review): the role name is concatenated as-is. A null role name would
 * yield {@code "ROLE_null"}, and a stored name that already starts with
 * {@code "ROLE_"} would be prefixed twice. Confirm how role names are stored.
 *
 * @param userVO the user whose role is converted; must not be null
 * @return a mutable list holding zero or one authority
 */
private List<SimpleGrantedAuthority> buildSimpleGrantedAuthority(
        final UserVO userVO) {
    final List<SimpleGrantedAuthority> authorities = new ArrayList<>();
    // Guard clause: no role means no authority is granted.
    if (userVO.getRoleVO() == null) {
        return authorities;
    }
    final String authorityName = "ROLE_" + userVO.getRoleVO().getRoleName();
    authorities.add(new SimpleGrantedAuthority(authorityName));
    return authorities;
}
私有列表构建SimpleGrantedAuthority(
最终用户VO(用户VO){
List GrantedAuthories=new ArrayList();
if(userVO.getRoleVO()!=null){
grantedAuthority.add(新的SimpleGrantedAuthority(“角色”+userVO
.getRoleVO().getRoleName());
}
返回授权机构;
}
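/**
 * Chooses the landing view for the current user.
 *
 * <p>When the principal is a {@code UserDetails} holding exactly one authority
 * and that authority names the recruiter role, the "addIndustry" view is
 * returned with an empty {@code IndustryVO} under the model key "industryVO".
 * In every other case, including when no authentication is present, the
 * "viewIndustry" view is returned.
 *
 * <p>This method only selects a view; it does not deny access. Access control
 * for the add-industry form has to be enforced by the security configuration.
 *
 * @return the model and view to render
 */
@RequestMapping("/userpage")
public ModelAndView userpage() {
    ModelAndView modelAndView = new ModelAndView();
    // The security context can hold no authentication; fall back to the
    // default view instead of failing with a NullPointerException.
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        modelAndView.setViewName("viewIndustry");
        return modelAndView;
    }
    Object principal = SecurityContextHolder.getContext()
            .getAuthentication().getPrincipal();
    // Log only the principal's name. The full principal object's toString()
    // may expose fields such as a password hash; that depends on the
    // UserDetails implementation, which is not shown here.
    log.info(SecurityContextHolder.getContext().getAuthentication().getName());
    if (principal instanceof UserDetails) {
        Collection<? extends GrantedAuthority> authorities =
                ((UserDetails) principal).getAuthorities();
        if (authorities.size() == 1) {
            String authority = authorities.iterator().next().getAuthority();
            // buildSimpleGrantedAuthority creates authorities with a "ROLE_"
            // prefix, so the bare name alone would never match. Both spellings
            // are accepted so the check holds with or without the prefix.
            if ("Recruiter".equals(authority)
                    || "ROLE_Recruiter".equals(authority)) {
                modelAndView.addObject("industryVO", new IndustryVO());
                modelAndView.setViewName("addIndustry");
                return modelAndView;
            }
        }
    }
    modelAndView.setViewName("viewIndustry");
    return modelAndView;
}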
@RequestMapping("/manageIndustry")
public class IndustryController {
@Autowired
IndustryDAO industryDAO;
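/**
 * Renders the "addIndustry" form with an empty {@code IndustryVO} under the
 * model key "industryVO".
 *
 * <p>This handler performs no role check of its own. The only restriction
 * shown for it is the intercept-url rule for
 * {@code /manageIndustry/viewAddIndustryForm} in the security XML.
 * NOTE(review): URL-pattern rules and MVC handler mappings can match paths
 * differently; a method-level authorization check would keep this handler
 * protected independently of URL matching. Confirm what the project enables.
 *
 * @return the model and view for the add-industry form
 */
@RequestMapping("/viewAddIndustryForm")
public ModelAndView viewAddIndustryForm() {
    // The principal lookup was removed: its result was never used.
    log.info("this is called");
    ModelAndView modelAndView = new ModelAndView();
    modelAndView.addObject("industryVO", new IndustryVO());
    modelAndView.setViewName("addIndustry");
    return modelAndView;
}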
/**
 * Converts the user's role into a list of granted authorities.
 *
 * <p>The authority name is {@code "ROLE_"} followed by the role name. The list
 * is empty when the user has no role.
 *
 * <p>NOTE(review): a null role name would be concatenated as
 * {@code "ROLE_null"}, and a name already starting with {@code "ROLE_"} would
 * be prefixed twice. Confirm that role names are always set and unprefixed.
 *
 * @param userVO the user whose role is converted; must not be null
 * @return a mutable list holding zero or one authority
 */
private List<SimpleGrantedAuthority> buildSimpleGrantedAuthority(
        final UserVO userVO) {
    final List<SimpleGrantedAuthority> result = new ArrayList<>();
    final boolean hasRole = userVO.getRoleVO() != null;
    if (hasRole) {
        final String name = "ROLE_" + userVO.getRoleVO().getRoleName();
        result.add(new SimpleGrantedAuthority(name));
    }
    return result;
}