Spring security hasRole()不';我不能和JWT一起工作
我用Spring Security实现了JWT Spring SecuritySpring security hasRole()不';我不能和JWT一起工作,spring-security,jwt,Spring Security,Jwt,我用Spring Security实现了JWT Spring Security/loginurl返回一个包含角色的JWT,但当我尝试访问需要角色的url时,它返回403 "timestamp": 1507840896561, "status": 403, "error": "Forbidden", "message": "Access is denied", "path": "/teacher/dashboard" 我在WebSecurityConfig中为/t
/login403"timestamp": 1507840896561,
"status": 403,
"error": "Forbidden",
"message": "Access is denied",
"path": "/teacher/dashboard"
WebSecurityConfig/teacher/**WebSecurityConfigurerAdapterhttp
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/api/register").permitAll()
.antMatchers("/teacher/**").hasRole("TEACHER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
http
.csrf().disable();
http
.formLogin()
.defaultSuccessUrl("/", true)
.and()
.addFilterBefore(new SimpleCorsFilter(), ChannelProcessingFilter.class)
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()));
hasRole()ROLE\u教师ROLE\u{
"sub": "org.springframework.security.core.userdetails.User@394ca6ef: Username: teacher@postman.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_TEACHER",
"exp": 1508704641
}
令牌已
授予权限:ROLE\u TEACHER.antMatchers("/teacher/**").access("hasAnyRole('TEACHER')")
@PreAuthorize("hasRole('ROLE_TEACHER')")
@PreAuthorizeGolbalMethodSecurityConfigurationmethodSecurityConfiguration@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
prespenabled=true之前(之前)之后(之后)request.isUserInRole()DEBUG