
成功登錄後,HttpServletRequest 的 isUserInRole 方法返回 false。在 Spring Security 版本升級到 4.1.3 之前,它一直運作正常。Spring Security 4.1升級 - HttpServletRequest isUserInRole返回false

類路徑中存在 spring-security-core-4.1.3、spring-security-web-4.1.3 和 spring-security-config-4.1.3 這幾個 jar。

spring-security.xml

... 
<!-- Voter for plain role attributes. No rolePrefix is overridden here, so RoleVoter's default "ROLE_" prefix applies. -->
<spring:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"> 
</spring:bean> 

<!-- Voter for the IS_AUTHENTICATED_* style attributes. -->
<spring:bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter"/> 

<!-- Voter that evaluates the SpEL access expressions (hasAuthority(...) etc.) used by the intercept-url rules. -->
<spring:bean id="webExpressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter" /> 

<!-- AffirmativeBased grants access as soon as any one voter votes to grant.
     The voter list is passed by constructor argument.
     NOTE(review): with use-expressions="true" the URL rules are expressions, so roleVoter and
     authenticatedVoter presumably abstain on them; confirm whether they are still needed. -->
<spring:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> 
     <spring:constructor-arg> 
     <spring:list> 
      <spring:ref bean="roleVoter"/> 
      <spring:ref bean="authenticatedVoter"/> 
      <spring:ref bean="webExpressionVoter"/> 
     </spring:list> 
    </spring:constructor-arg> 
</spring:bean> 

<!-- Web security filter chain. Access decisions are delegated to the custom accessDecisionManager bean,
     and the access attributes below are SpEL expressions.
     NOTE(review): only /login.jsp and /index* carry a rule in this excerpt. A URL that matches no
     intercept-url is not access-controlled, so a closing catch-all rule for "/**" is worth adding
     unless one exists in a part of the file not shown here. -->
<security:http access-decision-manager-ref="accessDecisionManager" use-expressions="true"> 

    <!-- Login page is reachable only while the request is still anonymous. -->
    <security:intercept-url pattern="/login.jsp" access="hasAuthority('ROLE_ANONYMOUS')" /> 

    <!-- hasAuthority compares the literal authority string and adds no prefix, so the authorities
         returned by the AuthenticationProvider must contain exactly "ROLE_USER". -->
    <security:intercept-url pattern="/index*" access="hasAuthority('ROLE_USER')"/> 

    <!-- Parameter names and processing URL are set explicitly to the Spring Security 3.x values;
         the 4.x defaults are username, password and /login. -->
    <security:form-login login-page="/login.jsp" 
     username-parameter="j_username" 
     password-parameter="j_password" 
     login-processing-url="/j_spring_security_check" 
     authentication-failure-url="/accessDenied.jsp" /> 

    <!-- Logout invalidates the HTTP session and removes the JSESSIONID cookie. -->
    <security:logout invalidate-session="true" delete-cookies="JSESSIONID"/> 

    <!-- NOTE(review): CSRF protection is on by default in Spring Security 4 and is switched off here.
         With it disabled, state-changing requests (login and logout included) carry no CSRF token check.
         Prefer removing this element and adding the CSRF token to the application's forms. -->
    <security:csrf disabled="true"/> 

</security:http> 

<!-- Authentication manager, exposed under the alias secAuthManager, with a single custom provider. -->
<security:authentication-manager alias="secAuthManager"> 
    <security:authentication-provider ref="securityProvider" /> 
</security:authentication-manager> 

<!-- Application-specific AuthenticationProvider. It verifies the credentials and supplies the
     GrantedAuthority list that hasAuthority(...) and isUserInRole(...) are later checked against. -->
<spring:bean id="securityProvider" class="com.SecurityProvider"/> 

... 

類SecurityProvider

/**
 * Custom AuthenticationProvider for username/password logins.
 *
 * The credential check and the construction of the authority list are elided in this listing.
 */
public class SecurityProvider implements AuthenticationProvider { 

     /**
      * Authenticates the request and returns a token carrying the granted authorities.
      *
      * NOTE(review): the elided part must reject bad credentials by throwing an
      * AuthenticationException; that check is not visible here, so confirm it exists.
      *
      * @param authentication the authentication request
      * @return a UsernamePasswordAuthenticationToken built with the three-argument constructor,
      *         which marks the token as authenticated
      * @throws AuthenticationException if authentication fails
      */
     @Override 
     public Authentication authenticate(Authentication authentication) throws AuthenticationException { 

 ... 

        // Under Spring Security 4, request.isUserInRole("X") looks for the authority "ROLE_X"
        // (the prefix is added when the argument does not already start with it), so the
        // authority strings built here need the "ROLE_" prefix for that check to succeed.
        List<GrantedAuthority> grantedAuthorities = ...     

 // The password is kept as the token's credentials.
 // NOTE(review): ProviderManager normally erases credentials after a successful login; confirm
 // that setting has not been turned off before relying on it.
 return new UsernamePasswordAuthenticationToken(user, password, grantedAuthorities); 
     } 

     /**
      * Reports whether this provider handles the given token type.
      *
      * Uses exact class equality, so subclasses of UsernamePasswordAuthenticationToken are not
      * accepted; isAssignableFrom is the more common form when subclasses should be handled too.
      *
      * @param authentication the token class being offered
      * @return true only for UsernamePasswordAuthenticationToken itself
      */
     @Override 
     public boolean supports(Class<?> authentication) { 
      return authentication.equals(UsernamePasswordAuthenticationToken.class); 
     } 
    } 

如果我把 4.1.3 的 Spring Security jar 換回 3.2.9 版本,並從 Spring security.xml 文件中刪除 <security:csrf disabled="true"/>,它就能正常運作。

回答


在爲List<GrantedAuthority> grantedAuthorities中的每個GrantedAuthority添加ROLE_前綴後問題得到解決。原因是 Spring Security 4 的 isUserInRole 在傳入的角色名未以 ROLE_ 開頭時會自動補上該前綴再進行比對,因此權限字串本身必須帶有 ROLE_ 前綴。
