Java Spring Security - problem with authorize

TomaszC283 :

i have problem with Authorize in Spring Security. i'm writing a simple organizer app and there is a 14 roles, but i'm making whole tests on ROLE_ADMIN, and it didn't works. typing /admin get's me to /denied page :( Can you find a problem here ?

    protected void configure(HttpSecurity httpSec) throws Exception {
        httpSec.authorizeRequests().antMatchers("/").permitAll().antMatchers("/login").permitAll().antMatchers("/admin/**")
                .hasAnyRole("ROLE_ADMIN", "ROLE_PRODUCTION_MANAGER", "ROLE_FOREMAN").antMatchers("/workingpanel")
                // Another .antMatchers //
                .authenticated().and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true")
                .defaultSuccessUrl("/").usernameParameter("email").passwordParameter("password").and().logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/").and()
                .exceptionHandling().accessDeniedPage("/denied");
    }

Aram Yeghiazaryan :

Try to change .antMatchers("/admin/").hasAnyRole("ROLE_ADMIN", ...) to .antMatchers("/admin/").hasAnyRole("ADMIN",....) as Spring Security adds ROLE prefix to each role automatically. For example

protected void configure(final HttpSecurity http) throws Exception {
...
.antMatchers("/admin/** ").hasAnyRole("ADMIN","USER",...)
...

}

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=370791&siteId=1

Java Spring Security - problem with authorize

Spring security 5 Authorize Configuration

Java Spring Security - проблема с AUTHORIZE

[In-depth explanation of Spring Security (12)] Use a third-party (Github) to authorize login

Java Spring Security - problème avec authorize

Java basics "spring security"

Problem trying to @Override the addViewControllers() method - Spring Security

The problem of multiple executions of Spring Security custom filters

java authentication and authorization (Spring Security)

Spring mvc+Spring Security integration, and the solution to the 404 problem in j_spring_security_check

Hadoop: wc org.apache.hadoop.security.authorize.AccessControlList.getACLString()

How to solve the security problem of default serialization in Java?

Java - Spring MVC in garbage problem

Solve the problem of spring security No AuthenticationProvider found for com.

Java achieve with spring login authentication security framework

How to give authorities for users with Java Spring security

Java Spring Security. Logged user information

Spring Security login with Java and Angular2

Spring security security settings

Java Spring boot 2.0 cross domain problem

The security video surveillance platform EasyNVR page cannot upload the authorization file. How to authorize it?

Spring-security md5 encryption and implementation of java

spring-security (1) java config loading mechanism - WebSecurityConfiguration

spring-security（七）java config-sample之concurrency

spring-security (four) jdbc of java config-sample

spring-security（五）java config-sample之rememberme

spring-security (2) java config loading mechanism - @EnableGlobalAuthentication

spring security jwt security check

spring security of web application security

Security Framework (a) Spring Security Profile