Rest SpringSecurity403HTTP状态
我正在SpringBoot2.0.1项目上实现SpringSecurity 我有一些web服务,它们在Spring安全实现之前工作得很好。但现在,他们没有了 这是REST客户端中显示的错误消息Rest SpringSecurity403HTTP状态,rest,http,spring-boot,spring-security,jwt,Rest,Http,Spring Boot,Spring Security,Jwt,我正在SpringBoot2.0.1项目上实现SpringSecurity 我有一些web服务,它们在Spring安全实现之前工作得很好。但现在,他们没有了 这是REST客户端中显示的错误消息 { "timestamp": "2018-07-27T11:14:40.080+0000", "status": 403, "error": "Forbidden", "message": "Access Denied", "path": "/lsm/notific
{
"timestamp": "2018-07-27T11:14:40.080+0000",
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/lsm/notification/getCurrentUserNotifications"
}
google chrome上也有同样的错误:
以下是列出服务的控制器:
package com.sap.lsm.web;
import java.util.List;
import java.util.Random;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.sap.lsm.dao.NotifiedUserRepository;
import com.sap.lsm.dao.UserNotificationRepository;
import com.sap.lsm.entities.NotifiedUser;
import com.sap.lsm.entities.UserNotification;
import com.sap.lsm.service.UserNotificationService;
@RestController
public class UserNotificationController {
@Autowired
private UserNotificationService userNotificationService;
@Autowired
private UserNotificationRepository userNotificationRepository;
@RequestMapping(value="/notification/getCurrentUserNotifications", method=RequestMethod.GET)
public List<UserNotification> getCurrentUserNotifs() {
return userNotificationService.getCurrentUserAllNotifications();
}
@RequestMapping(value="/notification/getCurrentUserNotSeenNotifications", method=RequestMethod.GET)
public List<UserNotification> getCurrentUserNotSeenNotifs() {
return userNotificationService.getCurrentUserNotSeenNotifications();
}
@RequestMapping(value="/notification/deleteNotification/{id}", method=RequestMethod.DELETE)
public void deleteNotification(@PathVariable("id") Long id){
userNotificationService.deleteNotification(id);
}
@RequestMapping(value="/notification/getNotification/{id}", method=RequestMethod.GET)
public UserNotification getNotification(@PathVariable("id") Long id) {
UserNotification notification = this.userNotificationService.getNotification(id);
if(!notification.equals(null)) {
notification.setStatus("seen");
userNotificationRepository.save(notification);
}
return notification;
}
@RequestMapping(value="/notification/markCurrentUserNotificationsAsSeen", method=RequestMethod.GET)
public void markCurrentUserNotificationsAsSeen() {
userNotificationService.markAllNotificationsAsSeen();
}
}
如果您需要JWT身份验证和授权过滤器,我将稍后发布它们
请帮帮我,
谢谢
**更新**
连接用户的角色是ADMIN
路径/lsm在pom.xml中声明为属性,如下所示:
<m2eclipse.wtp.contextRoot>/lsm</m2eclipse.wtp.contextRoot>
/lsm
此根路径用于在Jenkins(集成服务器)下运行应用程序。您还可以指定用户当前登录的角色吗?是应用程序中的
/lsm
servlet.context path还是servlet.servlet.path
。或者它只是被部署?我怀疑选项1或3在这种情况下会从安全映射中删除/lsm
。否。。。正如您所注意到的,所有URL仅限于经过身份验证的用户。如果URL不匹配,这就是全部。如果发生情况1或3,URL将不匹配(因为它们从应用程序的根目录而不是服务器的根目录匹配!)。是否将前缀ROLE\uu
添加到要检查的JWT角色?或者您只是添加了ADMIN
?我只是添加了ADMIN作为角色
<m2eclipse.wtp.contextRoot>/lsm</m2eclipse.wtp.contextRoot>