我创建了一个具有基本安全性(用户、角色)的 SpringBoot 应用程序,它工作正常。之后,我想使用权限扩展应用程序,但现在我卡住了,因为我的应用程序不再进行身份验证。
我刚刚添加/修改了实体和服务。
因此,当我尝试获取此资源时:http://localhost:8080/user/list 登录页面按我想要的方式出现,但是当我输入用户凭据时,我得到了 AccessDenied 异常 中,所有用 @PreAuthorize 注释的资源都会发生这种情况。
Controller 示例:
@Controller
public class UserController {
@RequestMapping("/user/list")
@PreAuthorize("hasRole('PERM_READ_USER')")
public String listUsers(Model model){
return "user/list";
}
@RequestMapping("/user/show")
public String getUser(){
return "user/show";
}
调试信息:
2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/address/list]
2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /address/list
2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.AddressController.listAddresses()]
2016-09-08 16:10:06.459 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/address/list] is: -1
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .m.m.a.ExceptionHandlerExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .w.s.m.a.ResponseStatusExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .w.s.m.s.DefaultHandlerExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied
2016-09-08 16:10:06.465 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : Could not complete request
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:65) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at com.example.controllers.AddressController$$EnhancerBySpringCGLIB$$d75cbf26.listAddresses(<generated>) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_101]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_101]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_101]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425) [tomcat-embed-core-8.5.4.jar:8.5.4]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.4.jar:8.5.4]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_101]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_101]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.4.jar:8.5.4]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/login]
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.IndexController.loginForm()]
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/login] is: -1
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*])
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'login'
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] based on requested media type 'text/html'
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Rendering view [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] in DispatcherServlet with name 'dispatcherServlet'
2016-09-08 16:10:06.485 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Successfully completed request
2016-09-08 16:10:06.583 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:10:06.583 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/jquery/2.1.4/jquery.min.js
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/bootstrap/3.3.4/css/bootstrap.min.css
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are [/webjars/**, /**]
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are {}
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] is: -1
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/jquery/2.1.4/jquery.min.js] are [/webjars/**, /**]
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/jquery/2.1.4/jquery.min.js] are {}
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/jquery/2.1.4/jquery.min.js] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/webjars/jquery/2.1.4/jquery.min.js] is: -1
2016-09-08 16:10:06.589 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:10:06.589 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Successfully completed request
2016-09-08 16:10:06.595 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:10:06.597 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Successfully completed request
但是,当我只是简单地调用 /login 并输入凭据并单击提交时,什么也没有发生。
在这种情况下我得到了这个调试信息:
2016-09-08 16:16:29.567 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/login]
2016-09-08 16:16:29.570 DEBUG 22958 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login
2016-09-08 16:16:29.570 DEBUG 22958 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.IndexController.loginForm()]
2016-09-08 16:16:29.571 DEBUG 22958 --- [io-8080-exec-10] o.s.web.cors.DefaultCorsProcessor : Skip CORS processing: request is from same origin
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*])
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'login'
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] based on requested media type 'text/html'
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : Rendering view [org.thymeleaf.spring4.view.ThymeleafView@56f2df29] in DispatcherServlet with name 'dispatcherServlet'
2016-09-08 16:16:29.576 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : Successfully completed request
2016-09-08 16:16:29.659 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:16:29.659 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/jquery/2.1.4/jquery.min.js
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/jquery/2.1.4/jquery.min.js]
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/jquery/2.1.4/jquery.min.js] are [/webjars/**, /**]
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/jquery/2.1.4/jquery.min.js] are {}
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/jquery/2.1.4/jquery.min.js] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/webjars/jquery/2.1.4/jquery.min.js] is: -1
2016-09-08 16:16:29.666 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:16:29.667 DEBUG 22958 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/bootstrap/3.3.4/css/bootstrap.min.css
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : Successfully completed request
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css]
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are [/webjars/**, /**]
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are {}
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2842c098]]] and 1 interceptor
2016-09-08 16:16:29.669 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] is: -1
2016-09-08 16:16:29.671 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2016-09-08 16:16:29.671 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Successfully completed request
我的用户详细信息服务:
@Service("userDetailsService")
public class SpringSecurityUserdetailsServiceImpl implements UserDetailsService {
private UserService userService;
private Converter<User, UserDetails> userToUserDetailsConverter;
@Autowired
public void setUserService(UserService userService) {
this.userService = userService;
}
@Autowired
@Qualifier(value = "userToUserDetails")
public void setUserUserDetailsConverter(Converter<User, UserDetails> userUserDetailsConverter) {
this.userToUserDetailsConverter = userUserDetailsConverter;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return userToUserDetailsConverter.convert(userService.findByUsername(username));
}
}
我的安全配置:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().ignoringAntMatchers("/h2-console").disable()
.authorizeRequests().antMatchers("/**/favicon.ico") .permitAll()
.and().authorizeRequests().antMatchers("/webjars/**").permitAll()
.and().authorizeRequests().antMatchers("/static/css").permitAll()
.and().authorizeRequests().antMatchers("/js").permitAll()
.and().formLogin().loginPage("/").permitAll()
.and().formLogin().loginPage("/login").permitAll()
.and().exceptionHandling().accessDeniedPage("/access_denied");
}
我的项目也可在 https://github.com/eszikk/spring-security/tree/spring-security-database-permissions 中找到。如果您有任何想法请告诉我。 Br,
最佳答案
该请求永远不会到达您的 Controller ,因为您在安全配置中未允许此路由。
您应该添加:
.antMatchers("/user/**").hasAnyAuthority("ROLE_ADMIN")
-或-
.antMatchers("/user/**").hasAnyRole("ADMIN")
(请注意这两种情况下的“ROLE_”前缀)。
或者,您可以添加全局
.anyRequest().authenticated()
匹配器允许任何经过身份验证的用户访问任何 URL。然后,您可以在 Controller 中使用 @PreAuthorize 逻辑来微调访问。
此外,“.authorizeRequests()”调用允许链接,这意味着您可以执行以下操作:
.authorizeRequests()
.antMatchers("/**/favicon.ico") .permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers("/static/css").permitAll()
.antMatchers("/js").permitAll()
.anyRequest().authenticated()
关于java - SpringBoot 和 Spring Security 未进行身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39393583/