Spring security Spring Security 3.1授权_Spring Security_Authorization

Spring security Spring Security 3.1授权

spring-security

Spring security Spring Security 3.1授权,spring-security,authorization,Spring Security,Authorization,我想在我现有的web应用程序中使用spring security。目前我可以对用户进行身份验证。但我不能做授权。应用程序给出403-错误。我错过了什么？请帮忙。我的applicationContext-securty.xml如下 <http use-expressions="true" >  <interc

我想在我现有的web应用程序中使用spring security。目前我可以对用户进行身份验证。但我不能做授权。应用程序给出403-错误。我错过了什么？请帮忙。我的applicationContext-securty.xml如下

<http use-expressions="true" >
        <!--<intercept-url pattern="/**" access="permitAll" /> -->
         <intercept-url pattern="/pages/test_for_admin/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/pages/main/scenarios.bak" access="isAuthenticated()" />

        <!-- <form-login/>-->
        <form-login login-page="/login.bak" default-target-url="/pages/main/scenarios.bak"/>
        <logout />

    </http>

    <authentication-manager alias="authenticationManager" >
        <authentication-provider >
            <!-- <password-encoder hash="md5" /> -->
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT username, password,enabled FROM web_users WHERE username=?"
                authorities-by-username-query="SELECT username,authority FROM web_authorities WHERE username = ?"                   
                role-prefix="ROLE_" />
        </authentication-provider>
    </authentication-manager>

检查您在登录Spring后指向的URL。在这种情况下是这样的

default-target-url="/pages/main/scenarios.bak

它是一个有效的URL吗？当403被禁止时，您在浏览器的地址栏中看到了什么

嗯