valik


Configure Http security

I have these URLs that I have restricted to role USER, but I cannot access them even though the currently authenticated principal is that user.

/**
 * Registers the HTTP security rules for this application.
 *
 * <p>Paths in {@code PUBLIC_MATCHERS} are open to everyone; the three path patterns below
 * require the USER role. Spring Security's {@code hasRole("USER")} is satisfied only by an
 * authority named {@code ROLE_USER} (the {@code ROLE_} prefix is added by the DSL), so a
 * principal whose only authority is the bare string {@code "USER"} — as built in
 * {@code userDetailsService()} in this class — is rejected with 403 on these URLs.
 * There is no {@code anyRequest()} clause, so requests matching none of the patterns are
 * not covered by any rule written here.
 *
 * @param http the builder for the filter chain being configured
 * @throws Exception propagated from the security builder
 */
@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().
                antMatchers(PUBLIC_MATCHERS).permitAll().
                antMatchers("/bookDetail/**").hasRole("USER").
                antMatchers("/listOfCreditCards/**").hasRole("USER").
                antMatchers("/shoppingCart/addItem/**").hasRole("USER").
                and().formLogin();

        // CSRF protection is switched off for every endpoint, including the state-changing
        // /shoppingCart/addItem/** handlers, and Spring's CORS handling is disabled as well.
        // Both need an explicit justification; CSRF in particular should normally stay on for
        // a form-login application.
        http
                .csrf().disable().cors().disable()
                // Second formLogin() call: configures the same form login enabled above.
                .formLogin().failureUrl("/login?error")
                .defaultSuccessUrl("/")
                .loginPage("/login").permitAll()
                .and()
                // Logout is accepted for any HTTP method on /logout (AntPathRequestMatcher
                // without a method argument), which matters once CSRF is off.
                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/?logout").deleteCookies("remember-me").permitAll()
                .and()
                // Remember-me with defaults; no key is set here — confirm how the token key
                // is configured before relying on it.
                .rememberMe();
    }

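    /**
     * In-memory {@link UserDetailsService} holding a single account.
     *
     * <p>The granted authority is {@code ROLE_USER}: the {@code hasRole("USER")} rules in
     * {@code configure(HttpSecurity)} are checked against the {@code ROLE_}-prefixed
     * authority, so a bare {@code "USER"} authority never satisfies them and every
     * protected URL answers 403 even for an authenticated principal.
     *
     * <p>The password {@code "A"} is a hard-coded, unencoded test credential and must not
     * leave local development. Note that {@code configureGlobal()} pairs
     * {@code passwordEncoder()} with a different service ({@code userSecurityService}); whether
     * this bean is consulted at all, and with which encoder, should be confirmed.
     *
     * @return a manager seeded with the single test user
     */
    @Bean
    public UserDetailsService userDetailsService() {
        GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
        // User already implements UserDetails; the cast in the original was redundant.
        UserDetails userDetails = new User("V", "A", Arrays.asList(authority));
        return new InMemoryUserDetailsManager(Arrays.asList(userDetails));
    }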

    /**
     * Wires {@code userSecurityService} into the global {@link AuthenticationManagerBuilder},
     * with passwords verified through {@code passwordEncoder()}.
     *
     * <p>This is one of three user sources defined in this class (the others are the
     * in-memory {@code userDetailsService()} bean and the nested
     * {@code AuthenticationConfiguration}). Which one actually authenticates a login — and
     * therefore which authorities the principal ends up with — should be confirmed before
     * debugging authorization failures.
     *
     * @param auth the shared authentication builder
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("V").password("A").roles("USER");

I get this output: `"status":403,"error":"Forbidden","message":"Access is denied"`. Any suggestion on what I should check? There is no stack trace.



Answers (1)

Karen12345


The only line in your code that authorises any pages is:

antMatchers(PUBLIC_MATCHERS).permitAll()

If this is not your login page, you won't be able to access it, as you haven't granted permission for it. You might want something along the lines below:

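// NOTE: hasRole("USER") matches the authority ROLE_USER (Spring Security adds the ROLE_
// prefix); the authenticated user must carry that authority for these matchers to pass.
http.authorizeRequests()
        .antMatchers(PUBLIC_MATCHERS).permitAll()
        .antMatchers("/bookDetail/**").hasRole("USER")
        .antMatchers("/listOfCreditCards/**").hasRole("USER")
        .antMatchers("/shoppingCart/addItem/**").hasRole("USER")
        .and()  // the original chain had a doubled dot here ("...hasRole("USER")." then ".and()")
        .formLogin().loginPage("/loginPage").permitAll()
        .usernameParameter("username")
        .passwordParameter("password")
        .defaultSuccessUrl("/home")
        .failureUrl("/loginPage?error")
        .and()
        .logout()
        .permitAll()
        .logoutSuccessUrl("/loginPage?logout")
        .and()
        .csrf()  // CSRF protection stays enabled (no .disable())
        .and()
        .exceptionHandling()
        .accessDeniedPage("/accessDenied");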

