Java: Spring Boot Security with MongoDB, @PostAuthorize and @PreAuthorize not working


Authentication is working, but authorization is not. Please help, I can't find where the problem is.

Controller

@RestController
@RequestMapping("/v1/user")
public class UserController {

    @PostAuthorize("hasRole('ROLE_ADMIN')") //@PreAuthorize("hasRole('ROLE_ADMIN')"), both are not working
    @RequestMapping(method = RequestMethod.DELETE)
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void deleteUser() {
        log.debug("Only Admin can access this");

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        System.out.println("User name "+auth.getName()); //prints - User name pratap
        System.out.println("User Authorities "+auth.getAuthorities()); // prints - User Authorities [ADMIN]
    }
}

SecurityConfiguration.java

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().anyRequest().fullyAuthenticated().and().
                httpBasic().and().
                csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService);
    }
}

CustomUserDetailsService.java

@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username);
        if(user != null) {
            // Log only after the null check; dereferencing a missing user would throw a NullPointerException
            System.out.println("username "+user.getUsername());
            return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), true, true, true, true,
                    AuthorityUtils.createAuthorityList("ADMIN"));
        } else {
            throw new UsernameNotFoundException("could not find the user '"
                    + username + "'");
        }
    }
}
Error:

{
  "timestamp": 1472789456591,
  "status": 403,
  "error": "Forbidden",
  "message": "Access is denied",
  "path": "/v1/user/pratap"
}

I got it. When adding the role, it should be prefixed with "ROLE_".

And in @PreAuthorize, it should be without the prefix "ROLE_".
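Added example (not part of the original question or answer): it evaluates the page's authorization expressions against both authority spellings with Spring Security's own expression root, so the mismatch behind the 403 can be seen directly. It assumes Spring Security 4 or later (spring-security-core) on the classpath; the class name `RolePrefixMatrix` and the helper `allowed()` are hypothetical.

```java
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical demo class, assuming Spring Security 4 or later.
public class RolePrefixMatrix {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Evaluates a @PreAuthorize-style expression for a user holding one granted authority.
    static boolean allowed(String grantedAuthority, String expression) {
        // Constructed sample user; the credentials value is a placeholder.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                "pratap", "n/a", AuthorityUtils.createAuthorityList(grantedAuthority));
        // SecurityExpressionRoot supplies hasRole()/hasAuthority(). hasRole() prepends
        // "ROLE_" to its argument when it is missing; hasAuthority() compares as given.
        SecurityExpressionRoot root = new SecurityExpressionRoot(auth) { };
        return Boolean.TRUE.equals(PARSER.parseExpression(expression)
                .getValue(new StandardEvaluationContext(root), Boolean.class));
    }

    public static void main(String[] args) {
        // "ADMIN" is the authority granted in the question, "ROLE_ADMIN" the one from the answer.
        String[] authorities = { "ADMIN", "ROLE_ADMIN" };
        String[] expressions = {
                "hasRole('ROLE_ADMIN')",  // expression used in the question
                "hasRole('ADMIN')",       // expression without the prefix
                "hasAuthority('ADMIN')",  // exact string match, no prefix handling
        };
        for (String authority : authorities) {
            for (String expression : expressions) {
                System.out.printf("authority=%-10s %-24s -> %s%n", authority, expression,
                        allowed(authority, expression) ? "allowed" : "403 Access is denied");
            }
        }
    }
}
```

@PostAuthorize is evaluated only after the method body has run, so for a state-changing handler such as deleteUser() the check belongs in @PreAuthorize.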


What do you mean by authorization not working? Are you getting a 403 error?

@sivaprasadeddy.k Yes, I am getting a 403 error