Viorel Casapu :
I created a project using Spring Security. In configure(HttpSecurity http) I set access to "/home" just for USER, but after I log in, it shows: 403 Forbidden.
I created an Entity class named User implementing UserDetails, and in getAuthorities() I just return Arrays.asList(new SimpleGrantedAuthority("USER"));
For the http object, I tried using the .hasRole('USER') method directly instead of .access("hasRole('USER')"); the problem is the same.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/home").access("hasRole('USER')")
                .antMatchers("/", "/**").access("permitAll")
                .anyRequest().authenticated()
            .and()
                .formLogin()
            .and()
                .httpBasic();
    }
mrkurtan :
You need to use Authority and not Role.
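    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // hasAuthority compares the exact string returned by getAuthorities(),
                // whereas hasRole("USER") looks for the authority "ROLE_USER".
                .antMatchers("/home").hasAuthority("USER")
                // "/**" matches every remaining path, so anyRequest() below is never reached.
                .antMatchers("/", "/**").access("permitAll")
                .anyRequest().authenticated()
            .and()
                .formLogin()
            .and()
                .httpBasic();
    }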
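The difference between the two checks, as an added example that is not part of the question or the answer above: it evaluates hasRole and hasAuthority against a token carrying the question's "USER" authority and against one carrying "ROLE_USER". It assumes spring-security-core on the classpath and Java 9+; the class name, helper names and the principal "demo-user" are constructed for illustration.

```java
import java.util.List;

import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Added example (hypothetical class name), not code from the original thread.
public class RoleVsAuthorityCheck {

    // Builds an authenticated token carrying exactly one authority string,
    // standing in for what User.getAuthorities() returns after login.
    static Authentication userWith(String authority) {
        return new UsernamePasswordAuthenticationToken(
                "demo-user", "n/a", List.of(new SimpleGrantedAuthority(authority)));
    }

    // Root object that expressions such as hasRole('USER') are evaluated against.
    // SecurityExpressionRoot is abstract, so an empty anonymous subclass is used here.
    static SecurityExpressionRoot rootFor(Authentication auth) {
        return new SecurityExpressionRoot(auth) { };
    }

    public static void main(String[] args) {
        // First value is what the question's getAuthorities() returns;
        // second is the same name with the default "ROLE_" prefix.
        for (String granted : List.of("USER", "ROLE_USER")) {
            SecurityExpressionRoot root = rootFor(userWith(granted));
            System.out.printf(
                    "granted=%-9s hasRole('USER')=%-5b hasAuthority('USER')=%-5b "
                            + "hasAuthority('ROLE_USER')=%b%n",
                    granted,
                    root.hasRole("USER"),            // prepends "ROLE_" before comparing
                    root.hasAuthority("USER"),       // exact string match
                    root.hasAuthority("ROLE_USER")); // exact string match
        }
    }
}
```

The same 403 can also be resolved from the other side: keeping hasRole('USER') in the configuration and returning new SimpleGrantedAuthority("ROLE_USER") from getAuthorities().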