Spring Security - forbidden, how to solve?
After the user is authorized I receive forbidden. Why?
After authorization, the user is sent to the /home page; two roles are specified for this page: ADMIN and USER.
In UserDetailsServiceImpl, I get the user with the USER role from the database, I know this for sure, so why do I get access denied?
Spring Security file:

    <http security="none" pattern="/resources/**"/>
    <http auto-config="true"
          disable-url-rewriting="true"
          use-expressions="true">
        <intercept-url pattern="/" access="permitAll()"/>
        <intercept-url pattern="/main" access="permitAll()"/>
        <intercept-url pattern="/about" access="permitAll()"/>
        <intercept-url pattern="/registration" access="permitAll()"/>
        <intercept-url pattern="/authorization" access="permitAll()"/>
        <intercept-url pattern="/home" access="hasAnyRole('ADMIN', 'USER')"/>
        <intercept-url pattern="/admin" access="hasRole('ADMIN')"/>
        <form-login login-page="/authorization" login-processing-url="/authorization" default-target-url="/home"
                    authentication-failure-url="/registration"
                    username-parameter="username" password-parameter="password"/>
        <csrf/>
        <anonymous username="guest" granted-authority="ANONYMOUS"/>
        <access-denied-handler error-page="/accessDenied"/>
        <logout logout-success-url="/authorization?logout"/>
    </http>
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userDetailsServiceImpl">
            <password-encoder ref="encoder"></password-encoder>
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="userDetailsServiceImpl" class="com.service.security.UserDetailsServiceImpl"></beans:bean>
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="11"/>
    </beans:bean>

    public class UserDetailsServiceImpl implements UserDetailsService {
        private static final Logger logger = LogManager.getLogger(UserDetailsServiceImpl.class);

        @Autowired
        private UserDAO userDAO;

        @Override
        @Transactional(readOnly = true)
        public UserDetails loadUserByUsername(String userLogin) throws UsernameNotFoundException {
            logger.debug("it is loadUserByUsername method " + userLogin);
            User user = userDAO.findByLogin(userLogin);
            // An unknown login must surface as UsernameNotFoundException, not a NullPointerException
            if (user == null) {
                throw new UsernameNotFoundException("User not found: " + userLogin);
            }
            // The role name from the database is used as the authority string as-is
            Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
            grantedAuthorities.add(new SimpleGrantedAuthority(user.getRole().getNameRole()));
            for (GrantedAuthority grantedAuthority : grantedAuthorities) {
                logger.debug("grant user " + grantedAuthority);
            }
            return new org.springframework.security.core.userdetails.User(user.getLogin(),
                    user.getPassword(),
                    grantedAuthorities);
        }
    }

    @RequestMapping(value = "/authorization", method = RequestMethod.GET)
    public String authorization(Model model, String error, String logout) {
        if (error != null) {
            model.addAttribute("error", "Your username and password is invalid.");
        }
        if (logout != null)
            model.addAttribute("message", "You have been logged out successfully.");
        logger.debug("authorization GET");
        return "authorization";
    }

    <div layout:fragment="content">
        <div th:if="${param.success}">
            <div class="alert alert-info">
                You've successfully registered to our awesome app!
            </div>
        </div>
        <div th:if="${param.logout}">
            <div class="alert alert-info">
                You have been logged out.
            </div>
        </div>
        <form name="f" th:action="@{/authorization}" method="post">
            <div th:if="${param.error}">
                <div class="alert alert-danger">
                    Invalid login or password.
                </div>
            </div>
            <!--th:classappend="${error != null}? 'has-error':''"-->
            <div class="row">
                <div class="col">
                    <!-- the controller stores this attribute under the name "message" -->
                    <span th:text="${message}"></span>
                    <label for="username">Login</label>
                    <input type="text" name="username" id="username" class="form-control" placeholder="Login" autofocus="autofocus">
                </div>
                <div class="col">
                    <label for="password">Password</label>
                    <span th:text="${error}"></span>
                    <input type="password" name="password" id="password" class="form-control" placeholder="Password">
                    <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
                    <!--<p th:text="${_csrf.parameterName} + ${_csrf.token}"></p>-->
                    <!--<p th:text="${_csrf.token}"></p>-->
                </div>
            </div>
            <div>
                <div class="form-group">
                    <div class="row">
                        <div class="col-sm-6 col-sm-offset-3">
                            <input type="submit"
                                   name="login-submit"
                                   id="login-submit"
                                   class="form-control btn btn-info"
                                   value="Log In"/>
                        </div>
                    </div>
                </div>
                <span>Already registered?<a href="/" th:href="@{/authorization}">Forget your password or login?</a></span>
            </div>
        </form>
    </div>

I'm just going fucking crazy from this Spring. The documentation says, and yes, I myself saw it in the implementation of the hasRole method, THAT THE ROLE_ PREFIX IS ADDED BY DEFAULT, but in fact, fuck!!!!! I killed two days on this; so far, out of hopelessness, I decided to add the ROLE_ prefix to the main role myself, and everything was solved. Phew!
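
The mismatch behind this 403, as an added example (not code from the question or from Spring Security): a plain-Java model of how `hasAnyRole` prepends the default `ROLE_` prefix before comparing with the authority strings that `loadUserByUsername` returned, next to `hasAnyAuthority`, which compares them unchanged. `RolePrefixDemo` and `toAuthority` are hypothetical names, and the sample role value is constructed.

```java
import java.util.Collections;
import java.util.Set;

// Simplified model of the expression checks; not Spring Security's own code.
public class RolePrefixDemo {
    static final String ROLE_PREFIX = "ROLE_"; // default prefix applied by hasRole / hasAnyRole

    // hasAnyRole('ADMIN', 'USER'): each argument gets the prefix (unless already present),
    // then an exact string match is looked up among the granted authorities.
    static boolean hasAnyRole(Set<String> granted, String... roles) {
        for (String role : roles) {
            String wanted = role.startsWith(ROLE_PREFIX) ? role : ROLE_PREFIX + role;
            if (granted.contains(wanted)) {
                return true;
            }
        }
        return false;
    }

    // hasAnyAuthority('ADMIN', 'USER'): the strings are compared as given, no prefix.
    static boolean hasAnyAuthority(Set<String> granted, String... authorities) {
        for (String authority : authorities) {
            if (granted.contains(authority)) {
                return true;
            }
        }
        return false;
    }

    // Hypothetical helper for loadUserByUsername: turn a DB role name into an authority once,
    // so every role stored as "USER" or "ROLE_USER" ends up in the same form.
    static String toAuthority(String dbRole) {
        if (dbRole == null || dbRole.trim().isEmpty()) {
            throw new IllegalArgumentException("empty role name");
        }
        String name = dbRole.trim();
        return name.startsWith(ROLE_PREFIX) ? name : ROLE_PREFIX + name;
    }

    public static void main(String[] args) {
        Set<String> asStored = Collections.singleton("USER"); // constructed: role name as stored in the DB
        Set<String> normalised = Collections.singleton(toAuthority("USER"));

        System.out.println("stored, hasAnyRole(ADMIN, USER):      " + hasAnyRole(asStored, "ADMIN", "USER"));
        System.out.println("stored, hasAnyAuthority(ADMIN, USER): " + hasAnyAuthority(asStored, "ADMIN", "USER"));
        System.out.println("prefixed, hasAnyRole(ADMIN, USER):    " + hasAnyRole(normalised, "ADMIN", "USER"));
        System.out.println("prefixed, hasAnyRole(ADMIN):          " + hasAnyRole(normalised, "ADMIN"));
    }
}
```

Either side of the comparison can be changed: return `ROLE_USER` from the `UserDetailsService`, or keep `USER` and write `hasAnyAuthority('ADMIN', 'USER')` in the `intercept-url` rule.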