Spring Security出现问题:Access is denied 及我的解决方案 - txd2016_5_11的博客 - CSDN博客
近日使用spring security,xml文件如下:
...... <!-- 页面拦截规则 --> <http pattern="/shoplogin.html" security="none"></http> <http pattern="/loginerror.html" security="none"></http> <http pattern="/css/**" security="none"></http> <http pattern="/img/**" security="none"></http> <http pattern="/js/**" security="none"></http> <http pattern="/plugins/**" security="none"></http> <http use-expressions="false"> <intercept-url pattern="/**" access="ROLE_USER" /> <form-login login-page="/shoplogin.html" login-processing-url="/login" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true" /> ...... <!-- 指定自定义过滤器 --> <custom-filter ref="authenticationFilter" before="FORM_LOGIN_FILTER" /> </http> <!-- 自定义过滤器 --> <beans:bean id="authenticationFilter" class="com.shopping.shop.util.TestLoginFilter"> <beans:property name="filterProcessesUrl" value="/login" /> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailService"> <!-- <password-encoder ref="bcryptEncoder"></password-encoder> --> </authentication-provider> </authentication-manager> <beans:bean id="userDetailService" class="com.shopping.shop.util.UserDetailsServiceImpl"> <beans:property name="sellerService" ref="sellerService"/> </beans:bean> ......自定义类:com.shopping.shop.util.UserDetailsServiceImpl(userDetailService)如下:
@Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { System.out.println("经过了UserDetailsServiceImpl"); //构建角色列表 List<GrantedAuthority> grantAuths=new ArrayList<GrantedAuthority>(); grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER")); //得到商家对象 List<TbSeller> sellers = sellerService.findList(username); if(sellers != null) { for(TbSeller seller : sellers) { if(seller.getStatus().equals("1")) { return new User(username,seller.getPassword(),grantAuths); } } } return null; }访问项目出现问题,如下:
...... 2019-01-24 17:11:49,691 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] - Access is denied (user is anonymous); redirecting to authentication entry pointorg.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:112) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:206) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:206) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:106) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) ......处理上述问题:
Access is denied:访问被拒绝
可能的原因:
1. You have logged in with a user that has given a role but accessing a URL pattern which is not authorized to that user.
2. Or You have logged in with a user and accessing a method which is not authorized to that user role.
经过一番查找,终于发现我在xml文件中定义的是 “access="ROLE_USER",在userDetailService中却是:grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
难怪,改正上述错误,问题OK。
在解决上述问题的过程中,我同样看见许多出现“Access is denied”的例子,但他们的解决方案在我这儿却行不通。最终解决问题之后理解到:Access is denied 只是说明了出现问题的原因,或者说是类型,他只是定义了一个大的解决方向而具体的解决方案还得视具体情况决定。
最后,附上本人学习Security的一份小demo:https://download.csdn.net/download/txd2016_5_11/10943130,程序已经跑通,里边附加了一些本人的理解,希望能对大家产生一点帮助。
Original url: Access
Created at: 2019-10-18 17:57:49
Category: default
Tags: none
未标明原创文章均为采集,版权归作者所有,转载无需和我联系,请注明原出处,南摩阿彌陀佛,知识,不只知道,要得到
最新评论