Rest SpringSecurity403HTTP状态_Rest_Http_Spring Boot_Spring Security_Jwt

Rest SpringSecurity403HTTP状态

rest http spring-boot spring-security jwt

Rest SpringSecurity403HTTP状态,rest,http,spring-boot,spring-security,jwt,Rest,Http,Spring Boot,Spring Security,Jwt,我正在SpringBoot2.0.1项目上实现SpringSecurity 我有一些web服务，它们在Spring安全实现之前工作得很好。但现在，他们没有了这是REST客户端中显示的错误消息 { "timestamp": "2018-07-27T11:14:40.080+0000", "status": 403, "error": "Forbidden", "message": "Access Denied", "path": "/lsm/notific

我正在SpringBoot2.0.1项目上实现SpringSecurity

我有一些web服务，它们在Spring安全实现之前工作得很好。但现在，他们没有了

这是REST客户端中显示的错误消息

{
    "timestamp": "2018-07-27T11:14:40.080+0000",
    "status": 403,
    "error": "Forbidden",
    "message": "Access Denied",
    "path": "/lsm/notification/getCurrentUserNotifications"
}

google chrome上也有同样的错误：

以下是列出服务的控制器：

package com.sap.lsm.web;

import java.util.List;
import java.util.Random;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import com.sap.lsm.dao.NotifiedUserRepository;
import com.sap.lsm.dao.UserNotificationRepository;
import com.sap.lsm.entities.NotifiedUser;
import com.sap.lsm.entities.UserNotification;
import com.sap.lsm.service.UserNotificationService;

@RestController
public class UserNotificationController {

@Autowired
private UserNotificationService userNotificationService;

@Autowired
private UserNotificationRepository userNotificationRepository;

@RequestMapping(value="/notification/getCurrentUserNotifications", method=RequestMethod.GET)
public List<UserNotification> getCurrentUserNotifs() {
    return userNotificationService.getCurrentUserAllNotifications();
}

@RequestMapping(value="/notification/getCurrentUserNotSeenNotifications", method=RequestMethod.GET)
public List<UserNotification> getCurrentUserNotSeenNotifs() {
    return userNotificationService.getCurrentUserNotSeenNotifications();
}

@RequestMapping(value="/notification/deleteNotification/{id}", method=RequestMethod.DELETE)
public void deleteNotification(@PathVariable("id") Long id){
    userNotificationService.deleteNotification(id);
}

@RequestMapping(value="/notification/getNotification/{id}", method=RequestMethod.GET)
public UserNotification getNotification(@PathVariable("id") Long id) {
    UserNotification notification = this.userNotificationService.getNotification(id);

    if(!notification.equals(null)) {
        notification.setStatus("seen");
        userNotificationRepository.save(notification);
    }

    return notification;
}

@RequestMapping(value="/notification/markCurrentUserNotificationsAsSeen", method=RequestMethod.GET)
public void markCurrentUserNotificationsAsSeen() {
    userNotificationService.markAllNotificationsAsSeen();
}
}

如果您需要JWT身份验证和授权过滤器，我将稍后发布它们

请帮帮我，谢谢

**更新**

连接用户的角色是ADMIN

路径/lsm在pom.xml中声明为属性，如下所示：

<m2eclipse.wtp.contextRoot>/lsm</m2eclipse.wtp.contextRoot>

/lsm

此根路径用于在Jenkins（集成服务器）下运行应用程序。

您还可以指定用户当前登录的角色吗？是应用程序中的

/lsm

servlet.context path还是

servlet.servlet.path

。或者它只是被部署？我怀疑选项1或3在这种情况下会从安全映射中删除

/lsm

。否。。。正如您所注意到的，所有URL仅限于经过身份验证的用户。如果URL不匹配，这就是全部。如果发生情况1或3，URL将不匹配（因为它们从应用程序的根目录而不是服务器的根目录匹配！）。是否将前缀

ROLE\uu

添加到要检查的JWT角色？或者您只是添加了

ADMIN

？我只是添加了ADMIN作为角色

<m2eclipse.wtp.contextRoot>/lsm</m2eclipse.wtp.contextRoot>