2016-06-25 124 views
2

I am using Spring Security version 4.1. If I specify access="hasRole('ROLE_ADMIN')" or access="ROLE_ADMIN" in my security configuration, I can log in, but I cannot access my admin page. Does Spring Security not support "hasRole('ROLE_ADMIN')" or ROLE_ADMIN?

<security:http use-expressions="true"> 
    <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" /> 
    <!-- security:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')"/--> 
    <security:intercept-url pattern="/createmanufsensors" access="isAuthenticated()" /> 
</security:http> 
<security:global-method-security secured-annotations="enabled"></security:global-method-security> 

Below is the debug output:

DEBUG [http-bio-8080-exec-10] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /admin; Attributes: [hasRole('ROLE_ADMIN')]  
2016-06-25 10:07:53,667 [] DEBUG [http-bio-8080-exec-10] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] Previously Authenticated: org.springframew[email protected]cc305a73: Principal: [email protected]: Username: francatore             ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN        ; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7F702A6911A71EA5556C750B6D424FF5; Granted Authorities: ROLE_ADMIN         
2016-06-25 10:07:53,667 [] DEBUG [http-bio-8080-exec-10] [org.springframework.security.access.vote.AffirmativeBased] Voter: org.sp[email protected]170ea084, returned: -1 
2016-06-25 10:07:53,668 [] DEBUG [http-bio-8080-exec-10] [org.springframework.security.web.access.ExceptionTranslationFilter] Access is denied (user is not anonymous); delegating to AccessDeniedHandler 

What might I be missing?

+0

When a user is created and registered, a role is assigned to the user. The user above was assigned 'ROLE_ADMIN', and the remaining users were assigned 'ROLE_USER'. Roles are stored in the authorities table in the database.

Answer

4

I have a short explanation for this. Here, you are authenticated as a normal user but are not authorized to view the admin page.

If you use the access="hasRole('ROLE_ADMIN')" expression, then the Spring EL class (i.e. SecurityExpressionRoot) adds the prefix ROLE_ to every role we supply in the hasRole() expression. So in your case, the role you supply in hasRole('ROLE_ADMIN') resolves to ROLE_ROLE_ADMIN.

That is why you are authenticated as a user with ROLE_ADMIN. But for the Spring Security framework to show the admin page, the user must have the role ROLE_ROLE_ADMIN (because the SecurityExpressionRoot class adds the ROLE_ prefix).

So, to fix this, remove the ROLE_ prefix in your code, i.e. use access="hasRole('ADMIN')" here, so that Spring Security adds the ROLE_ prefix automatically. And make sure you have specified the admin role in the database as ROLE_ADMIN.
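An added check, not code from the question or the answer: it models the comparison that decides a hasRole() vote (in the 4.x SecurityExpressionRoot the ROLE_ prefix is prepended only when the expression's role name lacks it, and the resolved name must equal a granted authority string exactly) and applies it to a constructed fragment shaped like the debug line above, where the granted authority is followed by padding spaces before the ';'. The class, the helper names and the regex over the debug line are assumptions for this illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: a model of the hasRole() comparison, not Spring Security's own code.
public class RoleCheck {
    static final String DEFAULT_ROLE_PREFIX = "ROLE_";
    // Models SecurityExpressionRoot in 4.x: prepend ROLE_ only when it is absent.
    static String roleWithDefaultPrefix(String role) {
        if (role.startsWith(DEFAULT_ROLE_PREFIX)) {
            return role;
        }
        return DEFAULT_ROLE_PREFIX + role;
    }

    // The voter grants access only if the resolved name equals a granted
    // authority exactly (string equality, no trimming or case folding).
    static boolean hasRole(List<String> grantedAuthorities, String role) {
        return grantedAuthorities.contains(roleWithDefaultPrefix(role));
    }

    // Pulls the "Granted Authorities: ..." list out of a FilterSecurityInterceptor
    // debug line, preserving whatever whitespace the stored value carries.
    static List<String> grantedAuthoritiesFrom(String debugLine) {
        List<String> result = new ArrayList<>();
        Matcher m = Pattern.compile("Granted Authorities: ([^;]*);").matcher(debugLine);
        if (m.find()) {
            for (String authority : m.group(1).split(", ")) {
                result.add(authority);
            }
        }
        return result;
    }
    public static void main(String[] args) {
        // Constructed fragment in the shape of the debug output above (assumption):
        // the authority value is padded with spaces before the ';'.
        String debugLine = "Granted Authorities: ROLE_ADMIN        ; Credentials: [PROTECTED]";
        List<String> stored = grantedAuthoritiesFrom(debugLine);
        System.out.println("stored authority: '" + stored.get(0) + "'");
        System.out.println("hasRole('ROLE_ADMIN') against stored value: " + hasRole(stored, "ROLE_ADMIN"));
        System.out.println("hasRole('ADMIN') against stored value:      " + hasRole(stored, "ADMIN"));
        List<String> trimmed = new ArrayList<>();
        for (String authority : stored) {
            trimmed.add(authority.trim());
        }
        System.out.println("hasRole('ADMIN') after trimming:            " + hasRole(trimmed, "ADMIN"));
    }
}
```

Compile with javac RoleCheck.java and run java RoleCheck: an authority padded by a fixed-width database column never equals ROLE_ADMIN under either expression, so the stored value in the authorities table is worth checking for trailing whitespace before changing the expression.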
