Sh-a-i
Reputation: 95
Spring security 4: Access denied for admin role
I am learning Spring Security. My user admin123 has authority admin. I have an admin.jsp which should be accessible only to user with admin authority.
Security configuration xml has
<security:intercept-url pattern="/admin" access="hasRole('admin')" />
which doesn't seem to work. Administration page is not accessible even after logging in with user admin123.
Not able to figure out the issue. Please help.
Upvotes: 0
Views: 1258
Answers (1)
Sh-a-i
Reputation: 95
This issue was resolved. forgot to update here.
Instead of hasRole('admin'), hasAuthority('admin') needs to be used in these scenarios. hasRole() can be used only if role is mentioned in a particular format. ie, 'ROLE_ADMIN'
So hasRole('ROLE_ADMIN') as well as hasAuthority('admin') work.
Upvotes: 1
Related Questions
- How to configure port for a Spring Boot application
- Difference between Role and GrantedAuthority in Spring Security
- How do I enable logging for Spring Security?
- Unit testing with Spring Security
- Spring Security permitAll not allowing anonymous access
- How Spring Security Filter Chain works
- spring security - access-denied-handler
- Spring security 4 @PreAuthorize(hasAuthority()) access denied
- Spring Security Authorization - Admin is denied access
- I cannot access /admin page after I configured spring security role as hasRole('admin')