Java Spring Security 阻止所有请求


我正在尝试使用Spring3设置数据库用户身份验证。 现在使用Spring附带的登录表单:

<%-- Login form that posts to Spring Security's default form-login endpoint.
     j_username and j_password are the request parameter names that endpoint reads.
     POST keeps the credentials out of the URL and the access log.
     NOTE(review): serve this page and the endpoint over HTTPS so the password is not sent in clear text. --%>
<form method="POST" action="<c:url value="/j_spring_security_check" />">
    <fieldset>
        <input type="text" name="j_username" placeholder="name" autofocus="autofocus" /><br/>
        <input type="password" name="j_password" placeholder="password" /><br/>
        <input type="submit" value="Login" />
    </fieldset>
</form>



根据日志(由我实现 Spring UserDetailsService 接口的 userService 类输出),登录时会从数据库中取出用户并为其分配角色(在日志中用 UserDetails.toString 可以看到)。

当我访问应用程序的某个 URL 时,会被正确地跳转到登录页面。登录之后,无论访问哪个 URL,我都会被重定向到 accessDenied 页面。是我的安全配置有问题吗?

我的安全配置如下:(为了能够发帖,我删除了对 schema 等的引用——它们会被识别成 URL!)


谢谢大家的支持

问题出在我自己的代码中:出错的是把角色/权限从数据库的 Hibernate 对象复制到 UserDetails 对象(由 loadUserByUsername 的实现返回)的那段代码。

Spring 本身工作正常,只是由于代码中的错误,UserDetails 对象被分配了不正确的角色,因此配置中的 hasRole(...) 检查无法通过,请求都被转到了 accessDenied 页面。


Spring/config是正确的

请贴出某个被拒绝请求的调试日志输出。如果您使用了“URL 友好”的框架,请检查它以及过滤器的顺序。几天前我遇到过类似的问题(安全机制的行为出乎意料),通过调整过滤器顺序解决了。
    <!-- Turns on method-level security through the pre/post annotations
         (@PreAuthorize, @PostAuthorize, @PreFilter, @PostFilter). -->
    <global-method-security pre-post-annotations="enabled"/>
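    <!--
      URL-level authorization for the web application.

      Rules are matched top to bottom and the first matching pattern wins, so the
      more specific patterns must stay above the broader ones (for example
      /include/js/pages/admin/** above /include/js/pages/**, and every
      /include/... rule above the final /include/** rule).

      Role names used here (ROLE_REPORTS, ROLE_ADMIN) must be exactly the authority
      strings carried by the UserDetails that the user service returns. If they differ,
      every hasRole(...) check fails and the user lands on the access-denied page.

      NOTE(review): there is no catch-all rule. A request that matches no pattern
      here is not restricted by this block. That includes any other path, and any
      HTTP method other than GET, DELETE, POST and PUT on the /data/... patterns.
      Consider ending the list with a default rule such as
      pattern="/**" access="denyAll" (or isAuthenticated()) once every legitimate
      URL, including /accessDenied, has its own entry.
    -->
    <http auto-config="true" create-session="ifRequired" use-expressions="true" access-denied-page="/accessDenied">
        <logout invalidate-session="true" logout-success-url="/loggedOut" />
        <anonymous/>
        <form-login login-page="/login" authentication-failure-url="/login"/>

        <!-- Report pages and the application root: report users only. -->
        <intercept-url pattern="/reports/**" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/" access="hasRole('ROLE_REPORTS')" />

        <!-- Administration pages. -->
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />

        <!-- Data endpoints: reads need ROLE_REPORTS, writes (DELETE/POST/PUT) need ROLE_ADMIN. -->
        <intercept-url pattern="/data/routes" method="GET" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/data/routes" method="DELETE" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/routes" method="POST" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/routes" method="PUT" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/route/**" method="GET" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/data/route/**" method="DELETE" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/route/**" method="POST" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/route/**" method="PUT" access="hasRole('ROLE_ADMIN')" />

        <intercept-url pattern="/data/patrolsummaries" method="GET" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/data/patrolsummaries" method="DELETE" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/patrolsummaries" method="POST" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/patrolsummaries" method="PUT" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/patrolsummary/**" method="GET" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/data/patrolsummary/**" method="DELETE" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/patrolsummary/**" method="POST" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/patrolsummary/**" method="PUT" access="hasRole('ROLE_ADMIN')" />

        <intercept-url pattern="/data/guards" method="GET" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/data/guards" method="DELETE" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/guards" method="POST" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/guards" method="PUT" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/guard/**" method="GET" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/data/guard/**" method="DELETE" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/guard/**" method="POST" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/data/guard/**" method="PUT" access="hasRole('ROLE_ADMIN')" />

        <!-- Page scripts: admin scripts first, then the scripts for report users. -->
        <intercept-url pattern="/include/js/pages/admin/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/include/js/pages/all.js" access="hasRole('ROLE_REPORTS')" />
        <intercept-url pattern="/include/js/pages/**" access="hasRole('ROLE_REPORTS')" />

        <!-- Shared scripts are needed both before login (login page) and after it.
             hasRole('ROLE_ANONYMOUS') is satisfied only by anonymous requests, so it
             refuses these files to signed-in users; permitAll serves both. -->
        <intercept-url pattern="/include/js/**" access="permitAll" />

        <!-- filters="none" bypasses the whole security filter chain for these paths, so no
             security context is available while serving them. Keep only static or
             truly public content here.
             NOTE(review): later Spring Security 3.x releases replace this attribute with
             separate http elements using security="none"; confirm against the version in use. -->
        <intercept-url pattern="/public/**" filters="none"/>
        <intercept-url pattern="/login" filters="none"/>
        <intercept-url pattern="/loggedOut" filters="none"/>
        <intercept-url pattern="/include/css/**" filters="none"/>
        <intercept-url pattern="/include/img/**" filters="none"/>

        <!-- Anything else under /include is for report users. -->
        <intercept-url pattern="/include/**" access="hasRole('ROLE_REPORTS')" />
    </http>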

    <!-- Persistence wiring is kept in a separate context file. -->
    <beans:import resource="hibernate-context.xml" />
    <!-- Registers annotated components found in the services package. -->
    <context:component-scan base-package="uk.co.romar.guardian.services" />

    <!-- User lookup service referenced by the authentication provider below. The authorities
         it puts on the returned UserDetails must be the exact role strings used in the
         intercept-url rules (ROLE_REPORTS, ROLE_ADMIN). -->
    <beans:bean id="userService" class="uk.co.romar.guardian.services.UserServiceImpl" />
    <!-- NOTE(review): this encoder bean is declared, but the authentication-provider below has
         no <password-encoder ref="pwdEncoder"/> child, so as shown it does not take part in
         credential checks. Without an encoder the provider by default compares the submitted
         password with the stored value as plain text (confirm for the version in use).
         Wiring it in changes which stored values are accepted, so existing passwords must be
         migrated at the same time.
         ShaPasswordEncoder with no arguments is SHA-1, and no salt source is configured (see the
         commented-out bean below). Prefer a salted, adaptive hash such as bcrypt where the
         Spring Security version provides one. -->
    <beans:bean id="pwdEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />
    <!-- <beans:bean id="saltSource" class="??"/>  -->
    <!-- Single authentication provider backed by userService. -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userService">  
        </authentication-provider>
    </authentication-manager>
</beans:beans>