代码现在工作正常,已替换 security.xml 中的以下行以提供基于角色的安全性,但访问被拒绝 http status-403
已替换
<intercept-url pattern="/inputcreate*" access="isAuthenticated()" />
与
<intercept-url pattern="/inputcreate*" access="hasAnyRole('admin','user')" />
spring-security.xml
<http use-expressions="true" auto-config="true">
<!-- <intercept-url pattern="/inputcreate*" access="isAuthenticated()" /> -->
<intercept-url pattern="/inputcreate*" access="hasAnyRole('admin','user')" />
<form-login login-page="/login.html" default-target-url="/inputcreate.html"
authentication-failure-url="/login.html" username-parameter="j_username"
password-parameter="j_password" login-processing-url="/j_spring_security_check" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/index.html" />
</http>
最佳答案
刚刚更换
<intercept-url pattern="/inputcreate*" access="hasAnyRole('admin','user')" />
与
<intercept-url pattern="/inputcreate*" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
谷歌搜索 3-4 小时后,进行了上述更改 这对我有用!!!
在 Spring 文档中,它已在此处给出,为角色添加前缀
public void setRolePrefix(String rolePrefix)
Allows a default role prefix to be specified. If this is set to a non-empty value, then it is automatically prepended to any roles read in from the db.
This may for example be used to add the ROLE_ prefix expected to exist in role names (by default) by some other Spring Security classes, in the case that the prefix is not already present in the db.
Parameters:
rolePrefix - the new prefix
关于java - Spring 安全4 : Access denied on providing roles,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35963783/