java - Spring security returns HTTP 403 after successful authentication


I'm using Spring 4.3.10.RELEASE, spring-security 4.2.3.RELEASE.
When I try to open /admin after successful authentication I get a 403, but I have the required authorities; look at the Tomcat log.

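My security configuration:

    import javax.sql.DataSource;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private DataSource dataSource;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/resources/**").permitAll()
                    // hasRole("ADMIN") is evaluated as hasRole('ROLE_ADMIN'), see the log below
                    .antMatchers("/admin/**").hasRole("ADMIN")
                    .anyRequest().authenticated().and()
                    .formLogin().loginPage("/login").failureUrl("/login?error").permitAll().and()
                    .logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout")
                    .invalidateHttpSession(true)
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).and()
                    .csrf().and()
                    .exceptionHandling().accessDeniedPage("/403");
        }

        // Users and authorities are loaded over JDBC; passwords are BCrypt hashes.
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.jdbcAuthentication()
                    .dataSource(dataSource)
                    .passwordEncoder(passwordEncoder())
                    .usersByUsernameQuery("select username, password, enabled from app_user where username = ?")
                    .authoritiesByUsernameQuery("select username, role from app_user_role where username = ?");
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Autowired
        public void setDataSource(DataSource dataSource) {
            this.dataSource = dataSource;
        }
    }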

My Tomcat's log:

    2017-07-28 14:18:15 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/admin'; against '/resources/**'
    2017-07-28 14:18:15 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/admin'; against '/admin/**'
    2017-07-28 14:18:15 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /admin; Attributes: [hasRole('ROLE_ADMIN')]
    2017-07-28 14:18:15 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@f9ea146f: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN,USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 9f780dc552aed23804184d55f3f9bf0d; Granted Authorities: ADMIN, USER
    2017-07-28 14:18:15 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6e6a7061, returned: -1
    2017-07-28 14:18:15 DEBUG ExceptionTranslationFilter:185 - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
    org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
        at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)

Solved! The key is the prefix "ROLE_":

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                // prepend "ROLE_" to every authority loaded from app_user_role
                .rolePrefix("ROLE_")
                .passwordEncoder(passwordEncoder())
                .usersByUsernameQuery("select username, password, enabled from app_user where username = ?")
                .authoritiesByUsernameQuery("select username, role from app_user_role where username = ?");
    }
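
The prefix mismatch behind this 403, as an added example that is not part of the original post: it evaluates `hasRole` and `hasAuthority` with Spring Security's own `SecurityExpressionRoot` against constructed authority lists. It assumes spring-security-core 4.2.x on the classpath; the class name `RolePrefixCheck`, its helper methods and the sample authorities are hypothetical.

```java
import java.util.List;

import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical class name; added example, not the poster's code.
public class RolePrefixCheck {

    // Builds an authenticated token holding exactly the given authority strings,
    // standing in for what the JDBC user lookup returns from authoritiesByUsernameQuery.
    static SecurityExpressionRoot expressionsFor(String... authorities) {
        List<GrantedAuthority> granted = AuthorityUtils.createAuthorityList(authorities);
        Authentication auth =
                new UsernamePasswordAuthenticationToken("admin", "[PROTECTED]", granted);
        // SecurityExpressionRoot is abstract but declares no abstract methods,
        // so an empty anonymous subclass is enough to evaluate expressions.
        return new SecurityExpressionRoot(auth) { };
    }

    // Prints how the two expression styles evaluate for one set of authorities.
    static void report(String label, SecurityExpressionRoot root) {
        System.out.printf("%-28s hasRole(\"ADMIN\")=%-5b hasAuthority(\"ADMIN\")=%b%n",
                label, root.hasRole("ADMIN"), root.hasAuthority("ADMIN"));
    }

    public static void main(String[] args) {
        // Constructed sample: roles exactly as stored in app_user_role.
        report("stored roles, no prefix", expressionsFor("ADMIN", "USER"));
        // Constructed sample: the same roles once rolePrefix("ROLE_") is applied.
        report("after rolePrefix(\"ROLE_\")", expressionsFor("ROLE_ADMIN", "ROLE_USER"));
    }
}
```

`hasRole("ADMIN")` only matches the authority `ROLE_ADMIN`, so either the stored roles get the prefix as in the fix above, or the matcher uses `hasAuthority("ADMIN")` to compare the raw value.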
