java - 配置 Http 安全

Question

我有这个网址，我已赋予角色 USER 但我无法访问，并且当前经过身份验证的主体是用户

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().
                antMatchers(PUBLIC_MATCHERS).permitAll().
                antMatchers("/bookDetail/**").hasRole("USER").
                antMatchers("/listOfCreditCards/**").hasRole("USER").
                antMatchers("/shoppingCart/addItem/**").hasRole("USER").
                and().formLogin();

        http
                .csrf().disable().cors().disable()
                .formLogin().failureUrl("/login?error")
                .defaultSuccessUrl("/")
                .loginPage("/login").permitAll()
                .and()
                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/?logout").deleteCookies("remember-me").permitAll()
                .and()
                .rememberMe();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        GrantedAuthority authority = new SimpleGrantedAuthority("USER");
        UserDetails userDetails = (UserDetails) new User("V", "A", Arrays.asList(authority));
        return new InMemoryUserDetailsManager(Arrays.asList(userDetails));
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("V").password("A").roles("USER");

我得到此输出 -status":403,"error":"Forbidden","message":"访问被拒绝" 关于我应该检查什么并且没有堆栈跟踪的任何建议

Answer 1

代码中唯一授权任何页面的行是:

antMatchers(PUBLIC_MATCHERS).permitAll()

如果这不是您的登录页面，您将无法访问它，因为您尚未授予其权限。您可能需要以下内容:

http.authorizeRequests().
 antMatchers(PUBLIC_MATCHERS).permitAll(). 
 antMatchers("/bookDetail/**").hasRole("USER").
 antMatchers("/listOfCreditCards/**").hasRole("USER").
 antMatchers("/shoppingCart/addItem/**").hasRole("USER").
.and()
.formLogin().loginPage("/loginPage").permitAll()
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/home")
.failureUrl("/loginPage?error")
.and()
.logout()
.permitAll()
.logoutSuccessUrl("/loginPage?logout")
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedPage("/accessDenied");