解決:org.springframework.security.access.AccessDeniedException: Access is denied
最近在使用SpringSecurity時涉及到從資料庫中獲取使用者,結果一直報錯,錯誤如下
Secure object: FilterInvocation: URL: /index.jsp; Attributes: [hasRole('ROLE_USER')] 2017-06-29 23:02:27 731 [DEBUG] Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 2017-06-29 23:02:27 764 [DEBUG] Voter: org.sp[email protected]4337be56, returned: -1 2017-06-29 23:02:27 766 [DEBUG] Returning cached instance of singleton bean 'sqlSessionFactory' 2017-06-29 23:02:27 774 [DEBUG] Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:177) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2536) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2525) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
查看了一下資料,發現許可權什麼確實沒有任何問題,網上查看了一下後發現是spring-security.xml中關於許可權配置有問題
最終spring-security.xml配置如下:
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <http auto-config='true'> <!-- <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> --> <intercept-url pattern="/admin.jsp" access="hasRole('ROLE_ADMIN')" /> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> <!-- <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" default-target-url="/" /> --> </http> <!-- <authentication-manager> <authentication-provider> <jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT USERNAME,PASSWORD,status as enabled FROM USERS WHERE USERNAME=?" authorities-by-username-query="select u.username,r.role_name as authority from USERS u join USER_ROLE ur on u.id=ur.user_id join ROLE r on r.role_id=ur.role_id where u.username=?"/> </authentication-provider> </authentication-manager> <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/> <beans:property name="url" value="jdbc:mysql://123.207.179.33:3306/pethome"/> <beans:property name="username" value="root"/> <beans:property name="password" value="19940315"/> </beans:bean> --> <authentication-manager alias="authenticationManager"> <authentication-provider ref="authenticationProvider" /> </authentication-manager> <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <beans:property name="userDetailsService" ref="myUserDetailsService" /> <beans:property name="hideUserNotFoundExceptions" value="false" /> </beans:bean> </beans:beans>
spring-security.xml中角色必須<intercept-url
pattern="/**" access="hasRole('ROLE_USER')" />,不能<intercept-url pattern="/**" access="ROLE_USER" />,如果缺少hasRole,會報許可權錯誤
相關推薦
解決:org.springframework.security.access.AccessDeniedException: Access is denied
最近在使用SpringSecurity時涉及到從資料庫中獲取使用者,結果一直報錯,錯誤如下 Secure object: FilterInvocation: URL: /index.jsp; Attributes: [hasRole('ROLE_USER')] 2017-0
解決:org.springframework.tuple.spel.TuplePropertyAccessor
不完全 -m prop pro exce cWeb lib ast work 原來運行調試正常的項目,今天啟動時報“java.lang.IllegalStateException: ApplicationEventMulticaster not initialized”錯誤
部署Spring AOP報錯:org.springframework.beans.factory.BeanCreationException解決方法
在部署Spring AOP時出現如下錯誤: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'adminbean' defined in class path
spring異常:org.springframework.beans.BeanInstantiationException解決
由於現在還在學習新知識階段,也在瘋狂找實習,所以對於很多問題現在還不會通過寫部落格來仔細的講,希望以後能找到工作,穩定之後會慢慢的把學習過的內容全部好好的梳理一下然後詳細的寫成部落格。在學習spring的依賴注入過程中出現了這樣一個異常,也就是初始化問題,查了後發現,這種問題
啟動項目報錯:org.springframework.beans.factory.UnsatisfiedDependencyException
ini ali 監聽 exp date ram factor 接口 xml文件 dubbo項目: 啟動項目報錯:(web端) org.springframework.beans.factory.UnsatisfiedDependencyException: Error cr
error:org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
poi return spring use fail err process sin mapping 問題:調用的方法在一個接口類中,但我並沒有註入那個被調用的類 解決:在UserEntity前加上@Autowired @Controller public class
報錯:org.springframework.http.converter.json.MappingJacksonHttpMessageConverter
log beans 而在 itme manager 解決辦法 man ali hand org.springframework.http.converter.json.MappingJacksonHttpMessageConverter 1、錯誤描述 嚴重:
項目maven update 後啟動項目出現導常:org.springframework.web.context.ContextLoaderListener
add erl clean 右鍵 啟動項 pri 選擇 spring upd 導常:org.springframework.web.context.ContextLoaderListener 1. 右鍵單擊工程項目 ->點擊 properties2. 選擇 Deplo
Eclipse中maven專案報錯:org.springframework.web.filter.CharacterEncodingFilter
寫了一個demo,發現在tomcat中部署完專案,啟動時報錯。 1,問題描述 2,解決辦法 1)程式在部署完成後報錯,說明是程式是編譯通過的,即編譯編譯路徑Java Build Path沒問題。 2)此時檢視 專案Properties—Deployment
ssm整合的時候總是報如下錯誤:org.springframework.orm.hibernate5.HibernateJdbcException: JDBC exception on Hiberna
ssm整合的時候總是報如下錯誤: org.springframework.orm.hibernate5.HibernateJdbcException: JDBC exception on Hibernate data access: SQLException for SQL [
解決:org.xml.sax.SAXParseException: 元素型別 "head" 必須由匹配的結束標記 "</head>問題
事件背景: 今天就碰到了這樣的問題, org.xml.sax.SAXParseException: 元素型別 "head" 必須由匹配的結束標記 "</head> 我本地編譯的時候報錯,上面報錯,起初 我以為是我畫的html頁面報錯呢,一個個標籤查呀,查了一個多小時沒結果 原因:
SpringBoot傳送郵件遇到的錯誤:org.springframework.mail.MailAuthenticationException: Authentication failed;
SpringBoot傳送郵件時遇到的異常:org.springframework.mail.MailAuthenticationException: Authentication failed; nested exception is javax.mail.Authentic
spring boot 上傳檔案出錯:org.springframework.web.multipart.MultipartException: Could not parse multipart s
一個國慶假期回來,測試跟我說以前好好的檔案上傳不能用了,還是真實環境,程式報如下錯誤: org.springframework.web.multipart.MultipartException: Cou
Spring的初始化:org.springframework.web.context.ContextLoaderListener
在web.xml中配置 <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> <
springboot:org.springframework.amqp.AmqpIOException: java.io.IOException
springboot整合rabbitMQ報錯: 首先看一下RabbitMq服務是否開啟 如果開啟了進入RabbitMq管理介面即:http://localhost:15672 使用配置檔案的使用者名稱和密碼登入:(確保rabbitMq已有此使用者,如沒有請參考:https://bl
CXF與JAX-RS異常:org.springframework.aop.support.AopUtils.isCglibProxyClass(Ljava/lang/Class;)Z
概述 最近因公司專案需要,實現不同的專案的RESTful訪問,決定採用CXF加上JAX-RS來實現。CXF相比開始的Xfire和後來的axis2,使用起來要順手多了,前幾年用過axis2,後來又用過CXF。 問題 &nbs
Ibatis 報:org.springframework.jdbc.UncategorizedSQLException: SqlMapClient operation; uncategorized S
錯誤: org.springframework.jdbc.UncategorizedSQLException: SqlMapClient operation; uncategorized SQLException for SQL []; SQL state [null];
spring更新clob報錯:org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; uncategorized SQLException for SQL
org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; uncategorized SQLException for SQL [INSERT INTO IOM_MSG(IN_
Spring ASM 彙編包:Org.SpringFrameWork.ASM
在Org.SpringFrameWork.ASM這個包裡面,有個類ClassReader,有個方法readclass ,後者主要功能是把流轉換成16進位制的Byte 程式碼如下: private static
Spring ASM 彙編包:Org.SpringFrameWork.ASM
在Org.SpringFrameWork.ASM這個包裡面,有個類ClassReader,有個方法readclass ,後者主要功能是把流轉換成16進位制的Byte 程式碼如下: private static byte[] readClass(fi