我想认为,只有管理员可以查看特定页面的访问被拒绝,但每次我提出请求时,我得到一个错误。它似乎与我的安全上下文文件中的hasRole()。春季安全hasRole()给错误403 -
错误只是说,HTTP状态403 - 当我提出要看到管理jsp页面
安全context.xml的请求访问被拒绝:
<security:http use-expressions="true">
<security:intercept-url pattern="/admin" access="hasAnyRole('admin')" />
<security:form-login login-page="/login"
authentication-failure-url="/login?error=true" />
<security:logout logout-success-url="/loogedout" />
<security:intercept-url pattern="/createoffer" access="isAuthenticated()" />
<security:intercept-url pattern="/docreate" access="isAuthenticated()" />
<security:intercept-url pattern="/offercreated" access="isAuthenticated()" />
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/loggedout" access="permitAll" />
<security:intercept-url pattern="/newaccount" access="permitAll" />
<security:intercept-url pattern="/createaccount" access="permitAll" />
<security:intercept-url pattern="/accountcreated" access="permitAll" />
<security:intercept-url pattern="/static/**" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/offers" access="permitAll" />
<security:intercept-url pattern="/**" access="denyAll" />
</security:http>
我的两个在我的数据库表是用户(用户名,电子邮件,启用密码)和权限(用户名,权限)。
任何人都可以提出什么我的错误是什么或如何解决?
你可以发布详细的错误信息,没有它不能帮你很多。 – OPK
@JasonZ道歉,我编辑了错误的帖子。 –
你是否以'admin'身份登录? – OPK