TomaszC283 :
I have a problem with Authorize in Spring Security. I'm writing a simple organizer app and there are 14 roles, but I'm doing all the tests on ROLE_ADMIN, and it didn't work. Typing /admin gets me to the /denied page :( Can you find the problem here?
    protected void configure(HttpSecurity httpSec) throws Exception {
        httpSec.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN", "ROLE_PRODUCTION_MANAGER", "ROLE_FOREMAN")
                .antMatchers("/workingpanel")
                // Another .antMatchers //
                .authenticated()
                .and().csrf().disable()
                .formLogin().loginPage("/login").failureUrl("/login?error=true")
                .defaultSuccessUrl("/").usernameParameter("email").passwordParameter("password")
                .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/")
                .and().exceptionHandling().accessDeniedPage("/denied");
    }
Aram Yeghiazaryan :
Try changing .antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN", ...) to .antMatchers("/admin/**").hasAnyRole("ADMIN", ...), as Spring Security adds the ROLE prefix to each role automatically. For example:

    protected void configure(final HttpSecurity http) throws Exception {
        ...
        .antMatchers("/admin/**").hasAnyRole("ADMIN", "USER", ...)
        ...
    }
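Both sides of the prefix rule from the answer above, as an added example that is not part of the original thread: how authorities are granted to a user and how the matcher checks them. It assumes Spring Security 5.x with `WebSecurityConfigurerAdapter`; the class name, users and passwords are constructed, and `anyRequest().authenticated()` stands in for the matchers the question leaves out.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical configuration class; users below are constructed sample data.
@Configuration
@EnableWebSecurity
public class RolePrefixExampleConfig extends WebSecurityConfigurerAdapter {

    // Granting side: the strings that end up in each user's authority list.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            // roles("ADMIN") stores the authority "ROLE_ADMIN".
            .withUser("admin@example.test").password("{noop}admin-pw").roles("ADMIN")
            .and()
            // authorities(...) stores the string verbatim, so the prefix is written out.
            .withUser("foreman@example.test").password("{noop}foreman-pw").authorities("ROLE_FOREMAN")
            .and()
            // Stored without the prefix: hasAnyRole("ADMIN") does not match this user,
            // so a request to /admin/** ends on the access-denied page.
            .withUser("noprefix@example.test").password("{noop}noprefix-pw").authorities("ADMIN");
    }

    // Checking side: the strings each request is compared against.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/login").permitAll()
                // hasAnyRole takes names WITHOUT the prefix; it looks for ROLE_ADMIN etc.
                .antMatchers("/admin/**").hasAnyRole("ADMIN", "PRODUCTION_MANAGER", "FOREMAN")
                // The same rule with full authority names would be:
                // .antMatchers("/admin/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_PRODUCTION_MANAGER", "ROLE_FOREMAN")
                .anyRequest().authenticated()
            .and().formLogin()
            .and().exceptionHandling().accessDeniedPage("/denied");
    }
}
```

If the roles come from a database instead of memory, the same check applies: the stored authority string has to be the prefixed form whenever the matcher uses `hasRole` or `hasAnyRole`.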