Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
SankaSanka2021-01-07 19:28:59
Java
SankaSanka, 2021-01-07 19:28:59

How to configure WebSecurityConfig correctly?

Entrance to the application is free. I want to make sure that the entrance to the admin pages /adminPageProduct /adminPageUser, etc., was only with the ADMIN role.

But he doesn’t let me through to the admin pages and throws me on the login ban page. With any role. Roles are defined and passed normally to the page. Please help, what is my mistake?

.csrf().disable()            
        .authorizeRequests()
                    .antMatchers("/","/security/registration").permitAll()
                    .antMatchers("/admin*").hasRole(Role.ADMIN.toString())   
                    .anyRequest()
                    .authenticated()
                .and()
                    .formLogin()
                    .loginPage("/security/login")
                    .defaultSuccessUrl("/")
                    .permitAll()
                .and()
                    .logout()
                    .logoutUrl("/security/logout")
                    .invalidateHttpSession(true)
                    .clearAuthentication(true)
                    .deleteCookies("JSESSIONID")
                    .permitAll()
        .and()
        .exceptionHandling().accessDeniedPage("/errors/accessDenied");


And if it's not here, where can I find it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
O
Orkhan, 2021-01-07
Hasanly @azerphoenix

Greetings!
one)

I want to make the entrance to the admin page /adminPageProduct /adminPageUser

it's probably better to make a common prefix for the admin panel, something like /admin/**, and restrict access at this level than to list each link in the configuration settings. And the url should have the following structure: /admin/products /admin/users. In any case, you need to close access to the entire admin panel
. It seems to me that you may have a problem here:
.antMatchers("/admin*")
I don’t see other obvious problems if everything else is configured correctly

Report
S
SankaSanka, 2021-01-10
@SankaSanka

.antMatchers("/admin/**").hasRole(Role.ADMIN.toString())
thanks, but didn't help. Now it skips to these pages with any role, as long as it is authorized (
and if I remove this line and write
@PreAuthorize("hasRole('ADMIN')") at the controller level,
then it doesn’t skip with any role at all. The problem is precisely in understanding the Role And it's not clear where to fix it(
There are 2 users in the database, one with the ADMIN role, the second with USER
, here is my git - https://gitlab.com/KirillSv/ShopSpring/-/tree/mast...
I will be grateful for any ideas

Similar questions
V
Vladimir Gorbunov2015-04-20 12:35:48
How to embed a calculator in wordpress on a specific page? 4Reply
X
XciloG2015-06-30 11:26:47
Bad Request error (#400): Unable to verify your data submission. when uploading files using the bootstrap-fileinput extension? 2Reply
D
Dmitry Richter2014-12-28 23:10:02
How to call the setOnItemClickListener method? 1Reply
G
gd1xza2021-01-20 11:11:23
Java socket api berkley-style? 1Reply
V
vopross2016-12-27 19:16:03
How to view array values? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question