输入正确的凭证后,我得到403访问被拒绝页面。这里有一些重要的文件。问题:Spring自定义登录返回403访问被拒绝页面
弹簧security.xml文件
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/manageIndustry/viewAddIndustryForm"
access="hasRole('Recruiter')" />
<security:form-login login-page="/login/"
default-target-url="/userpage/"
authentication-failure-url="/accessdenied"
username-parameter="emailId"
password-parameter="userPassword"
login-processing-url="/j_spring_security_check"
always-use-default-target="false" />
<security:logout invalidate-session="true" />
<security:csrf />
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="LoginService">
</security:authentication-provider>
LoginService.java
@Override
public UserDetails loadUserByUsername(String emailID)
throws UsernameNotFoundException {
UserVO userVO=userDAO.getSingleUserByEmailId(emailID);
if(userVO==null){
return null;
}
List<SimpleGrantedAuthority> grantedAuthority=buildSimpleGrantedAuthority(userVO);
UserDetails userDetails=new User(userVO.getEmailId(),userVO.getUserPassword(),userVO.getIsActive()== 1 ? true : false,true,true,true,grantedAuthority);
return userDetails;
}
private List<SimpleGrantedAuthority> buildSimpleGrantedAuthority(
final UserVO userVO) {
List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
if (userVO.getRoleVO() != null) {
grantedAuthorities.add(new SimpleGrantedAuthority(userVO
.getRoleVO().getRoleName()));
}
return grantedAuthorities;
}
登录Controller.java
@RequestMapping("/userpage")
public ModelAndView userpage() {
ModelAndView modelAndView = new ModelAndView();
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
log.info(principal);
if (principal instanceof UserDetails) {
Collection<? extends GrantedAuthority> authorities = ((UserDetails) principal)
.getAuthorities();
if (authorities.size() == 1) {
final Iterator<? extends GrantedAuthority> iterator = authorities
.iterator();
GrantedAuthority grantedAuthority = iterator.next();
if (grantedAuthority.getAuthority().equals("Recruiter")) {
IndustryVO industryVO = new IndustryVO();
modelAndView.addObject("industryVO", industryVO);
modelAndView.setViewName("addIndustry");
return modelAndView;
}
}
}
modelAndView.setViewName("viewIndustry");
return modelAndView;
}
IndustryController.java
@RequestMapping("/manageIndustry")
public class IndustryController {
@Autowired
IndustryDAO industryDAO;
@RequestMapping("/viewAddIndustryForm")
public ModelAndView viewAddIndustryForm() {
Object principal=SecurityContextHolder.getContext().getAuthentication().getPrincipal();
log.info("this is called");
ModelAndView modelAndView = new ModelAndView();
IndustryVO industryVO = new IndustryVO();
modelAndView.addObject("industryVO", industryVO);
modelAndView.setViewName("addIndustry");
return modelAndView;
}
打开http://localhost:8080/JobPortal/login
并输入正确的凭证后,它将我重定向到addIndustry页面,考虑default-target-url="/userpage/"
和登录控制器中的代码。
但是当我尝试的情况下直接访问登陆页面addIndustry即http://localhost:8080/JobPortal/manageIndustry/viewAddIndustryForm
它打开登录页面,按CONFIGRATION在Spring-Security.xml
但即使提供正确的凭据后,我得到HTTP Status 403 - Access is denied
任何帮助将不胜感激。
谢谢。