Reputation: 550
I have a jdbc-authentication with an oauth2-authorization in my Spring-Boot Application. Here is my code for the jdbc-authentication:
    auth.jdbcAuthentication().dataSource(dataSource)
        .usersByUsernameQuery(
            "select username, password, 1 from users where username = ?")
        .authoritiesByUsernameQuery(
            "select u.username, r.name from users u, roles r, role_users ru "
            + "where u.username = ? and u.id = ru.users_id and ru.roles_id = r.id ");
and my authorization configuration looks like this:
    http
        .anonymous().disable()
        .requestMatchers().antMatchers("/api/v1/users/**")
        .and().authorizeRequests()
        .antMatchers("/api/v1/users/**").access("hasRole('ADMIN')")
        .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
Now when I authenticate with a user in my database, everything goes fine. I authenticate with a user who has a role "ADMIN" and so I think it should allow me to access the /api/v1/users/** resource. But all I get is an access_denied error. What am I doing wrong? Let me know if you have to see more code snippets. I appreciate all your help.
Upvotes: 2
Views: 262
Reputation: 1895
Not a big expert, but I never used the method access(...).
Have you tried with hasRole?
Something like
    .antMatchers("/api/v1/users/**").hasRole("ADMIN")
Upvotes: 1
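An added example, not part of the original posts and not the asker's code: in Spring Security 4 and later, hasRole('ADMIN') is evaluated as a check for the authority ROLE_ADMIN, while hasAuthority('ADMIN') compares the string exactly as authoritiesByUsernameQuery returned it. The program below runs both checks against the two forms the roles.name column could hold; the class name RolePrefixCheck, the user name and the authority strings are constructed, and it assumes spring-security-core on the classpath.

```java
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class RolePrefixCheck {

    // Builds an authenticated token carrying the given authority strings,
    // standing in for the rows authoritiesByUsernameQuery returns for one user.
    // "alice" and the credentials placeholder are constructed sample values.
    static SecurityExpressionRoot rootFor(String... authorities) {
        Authentication auth = new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList(authorities));
        // SecurityExpressionRoot is the object that access("...") expressions
        // are evaluated against; it is abstract but declares no abstract methods.
        return new SecurityExpressionRoot(auth) { };
    }

    // Prints how both expression methods judge one stored authority value.
    static void report(String storedValue) {
        SecurityExpressionRoot root = rootFor(storedValue);
        System.out.printf("stored=%-11s hasRole('ADMIN')=%-5b hasAuthority('ADMIN')=%b%n",
                storedValue, root.hasRole("ADMIN"), root.hasAuthority("ADMIN"));
    }

    public static void main(String[] args) {
        // Case 1: roles.name holds the bare name (assumption about the table content).
        report("ADMIN");
        // Case 2: roles.name holds the prefixed name.
        report("ROLE_ADMIN");
    }
}
```

If the bare value fails the hasRole check, either store the role names with the ROLE_ prefix or write the rule as hasAuthority('ADMIN'); .hasRole("ADMIN") and access("hasRole('ADMIN')") apply the same prefix.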