403 - 认证后访问被拒绝
问题描述:
当我尝试对我现有的数据库进行身份验证时,我正在进行身份验证,但是我得到了403页。如果我只是尝试了一个错误的密码,我会收到错误的凭据信息。 我试图验证SpringSecurity附带的每个示例应用程序,并且工作正常。
安全的context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<global-method-security secured-annotations="enabled"></global-method-security>
<http auto-config="true" >
<intercept-url pattern="/admin/**" access="ROLE_TEST" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login
login-page="/login/index.jsp"
default-target-url="/admin/test.jsp"
authentication-failure-url="/login/index.jsp?login_error=1" />
</http>
<authentication-provider user-service-ref="jdbcUserService">
<password-encoder ref="passwordEncoder">
<salt-source system-wide="n103df"/>
</password-encoder>
</authentication-provider>
<beans:bean id="jdbcUserService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<beans:property name="rolePrefix" value="" />
<beans:property name="dataSource" ref="dataSource" />
<beans:property name="enableAuthorities" value="true"/>
<beans:property name="enableGroups" value="false"/>
<beans:property name="authoritiesByUsernameQuery" value="SELECT username,authority FROM authorities WHERE username = ?" />
<beans:property name="usersByUsernameQuery" value="SELECT username,password,enabled as enabled FROM users WHERE username = ?" />
<beans:property name="groupAuthoritiesByUsernameQuery" value="" />
</beans:bean>
<beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.Md5PasswordEncoder"/>
会理解:-) 感谢所有帮助提前!
答
如果您得到一个403代码,这意味着用户没有所需的角色。所以,认证不是问题,是授权。
要知道发生了什么的唯一方法是将日志级别调试,应该有更多的信息。张贴在这里。
你的角色是否有'ROLE_'前缀?
答
......想通了。尽管有在配置文件中,并在数据库中的“权威”列相同的指定ROLE_TEST,弹簧二段期待ROLE_SUPERVISOR:
[DEBUG,AbstractSecurityInterceptor,http-8084-7] Secure object: FilterInvocation: URL: /admin/test.jsp; ConfigAttributes: [ROLE_TEST] [DEBUG,AbstractSecurityInterceptor,http-8084-7] Previously Authenticated: org.springf[email protected]af840ed7: Principal: [email protected]: Username: testUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: [email protected]: RemoteIpAddress: 127.0.0.1; SessionId: 350B260FAFDDBF04D5CB4AAAB7B8A441; Granted Authorities: ROLE_SUPERVISOR [DEBUG,ExceptionTranslationFilter,http-8084-7] Access is denied (user is not anonymous); delegating to AccessDeniedHandler org.springframework.security.AccessDeniedException: Access is denied at org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
...现在我很好奇,怎么来的? 因此,在配置文件中将ROLE_TEST更改为ROLE_SUPERVISOR后,所有按预期工作。
+2
....我今天意识到,这一次,我正在寻找在错误的分贝,'没有说。 Thaks一堆虽然,它确实帮助! – vector 2009-08-18 18:05:43
好点,抱歉关于bonehead帖子,太累了,分心直想:-( – vector 2009-08-17 16:11:18
这是我的错误的原因!谢谢! – 2016-04-10 16:01:24