Spring Security antMatchers with hasRole does not work properly

Question  Votes: 0  Answers: 1

I have configured authorization for my pages using the methods in WebSecurityConfigAdapter:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    super.configure(auth);
    auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    //super.configure(http);
    http.servletApi().rolePrefix("");
    http
      .logout()
          .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/patient/mobile.mvc").hasRole("USER_PATIENT").and().formLogin();
    http.authorizeRequests().antMatchers("/registration/**").hasRole("USER_RECEPTIONIST").and().formLogin();
    http.authorizeRequests().antMatchers("/doctor/**").hasRole("USER_DOCTOR").and().formLogin();
}

In my userDetailsService I have the following methods, which supply the user with his credentials:

public UserDetails loadUserByUsername(String userEmail) throws UsernameNotFoundException {
    // 1: Check if exist receptionist with given name
    Receptionist receptionist = loginService.getReceptionistByEmail(userEmail);
    if (receptionist != null) {
        return createReceptionistUserDetail(receptionist);
    }
...
}

private UserDetails createReceptionistUserDetail(Receptionist receptionist) {
    List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
    grantedAuthorities.add(new SimpleGrantedAuthority("USER_RECEPTIONIST"));
    UserDetails ud = new User(receptionist.getEmail(), receptionist.getPasswordHash(), grantedAuthorities);
    return ud;
}

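Without checking roles, I had no problems with authentication and access, but when I add role-based access, no user can access his pages.

Could the implementation be wrong?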

spring security authorization
1 Answer
1
vote

OK, it seems the problem is the prefix. The code above still does not disable it.

When I changed the method to:

private UserDetails createReceptionistUserDetail(Receptionist receptionist) {
    List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
    grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER_RECEPTIONIST"));
    UserDetails ud = new User(receptionist.getEmail(), receptionist.getPasswordHash(), grantedAuthorities);
    return ud;
}

The user can log in without any problem. I tried to find a simple solution, but the solutions here are not as simple as just using the "ROLE_" prefix... :-)
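An alternative to renaming the granted authorities, as an added example that is not part of the original question or answer: `hasRole("X")` checks for the authority `ROLE_X`, while `hasAuthority("X")` checks for exactly `X`, and `servletApi().rolePrefix("")` only changes what `HttpServletRequest.isUserInRole()` compares against. The class name, the single rule chain, the final `anyRequest().authenticated()` rule and leaving CSRF protection at its default are assumptions of this example.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added example; AuthorityBasedSecurityConfig is a hypothetical class name.
@Configuration
@EnableWebSecurity
public class AuthorityBasedSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Before (from the question): .hasRole("USER_RECEPTIONIST")
                // looks for "ROLE_USER_RECEPTIONIST", which the
                // UserDetailsService never grants, so every request is denied.
                // After: hasAuthority compares the string as-is, so it matches
                // new SimpleGrantedAuthority("USER_RECEPTIONIST").
                .antMatchers("/patient/mobile.mvc").hasAuthority("USER_PATIENT")
                .antMatchers("/registration/**").hasAuthority("USER_RECEPTIONIST")
                .antMatchers("/doctor/**").hasAuthority("USER_DOCTOR")
                // Assumption: any URL not listed above still requires a login,
                // so a path missing from the rules is not left open.
                .anyRequest().authenticated()
                .and()
            // One formLogin() for the whole chain instead of one per rule.
            .formLogin()
                .and()
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
        // Assumption: the question's csrf().disable() is omitted here, so CSRF
        // protection keeps its default (enabled) setting.
    }
}
```

With this configuration the `createReceptionistUserDetail` method from the question can keep granting `USER_RECEPTIONIST` without the `ROLE_` prefix.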
