您好,我正在從春季訪問被拒絕。可有人請幫我這春季安全儘管憑藉正確的憑據給予403安全
我使用彈簧4.3
我控制器
@RestController
@RequestMapping (value = "/api/secured/resource/school")
@Secured ({ ApplicationConstants.Role.SYSTEM_ADMIN, ApplicationConstants.Role.SCHOOL_ADMIN })
public class SchoolController
{
@Autowired
private SchoolService schoolService;
@PostMapping (consumes = "application/json")
@Secured ({ ApplicationConstants.Role.SYSTEM_ADMIN })
public @ResponseBody ResponsePayload createSchool (HttpServletRequest request, @RequestBody School school)
throws ServiceException
{
}
interface Role
{
String SYSTEM_ADMIN = "SYSTEM_ADMIN";
String SCHOOL_ADMIN = "SCHOOL_ADMIN";
}
由於日誌下面你可以看到,用戶有兩個機構
SYSTEM_USER,SYSTEM_ADMIN仍然給我拒絕訪問
Sprin克配置
<http pattern="/static/**" security="none" />
<http use-expressions="true">
<intercept-url pattern="/app/**" access="isAuthenticated()" />
<form-login login-page="/loginPage"
authentication-success-handler-ref="mySuccessHandler"
authentication-failure-handler-ref="myFailureHandler" />
<logout logout-success-url="/loginPage" />
<custom-filter ref="loginFilter" after="FIRST" />
<csrf disabled="true" />
</http>
2016年7月15日16:03:12525 DEBUG MethodSecurityInterceptor:348 - 先前認證:org.springframew[email protected]7670236f:主要:SystemUser [用戶id = 1,姓名=管理員,[email protected],mobilePhone = 9999999999,status = ACTIVE];證書:[PROTECTED];已驗證:true;詳細信息:org.sprin[email protected]0:RemoteIpAddress:0:0:0:0:0:0:0:1; SessionId:1h5x6yxtd1m0y1ogs4h5vfo1yl; 授予的權限:SYSTEM_USER,SYSTEM_ADMIN 2016-07-15 16:03:12,525 DEBUG肯定性基礎:66 - 選民:[email protected],返回:0 2016-07-15 16 :03:12,527 DEBUG AffirmativeBased:66 - 選舉:[email protected]4efc,返回:0 2016-07-15 16:03:12,529 DEBUG ExceptionHandlerExceptionResolver:133 - 解決handler [public com.tepachi.web.response.ResponsePayload com.tepachi.web.controller.SchoolController.createSchool(javax.servlet.http.HttpServletRequest,com.tepachi.db.entities.user.School)throws com.tepachi.exception.ServiceException] :org.springframework.security.access.AccessDeniedException:訪問被拒絕