TomaszC283

Reputation: 17

Java Spring Security - problem with authorize

I have a problem with authorization in Spring Security. I'm writing a simple organizer app and there are 14 roles, but I'm doing all my tests on ROLE_ADMIN, and it doesn't work. Typing /admin gets me to the /denied page :( Can you find the problem here?

    protected void configure(HttpSecurity httpSec) throws Exception {
        httpSec.authorizeRequests().antMatchers("/").permitAll().antMatchers("/login").permitAll().antMatchers("/admin/**")
                .hasAnyRole("ROLE_ADMIN", "ROLE_PRODUCTION_MANAGER", "ROLE_FOREMAN").antMatchers("/workingpanel")
                // Another .antMatchers //
                .authenticated().and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true")
                .defaultSuccessUrl("/").usernameParameter("email").passwordParameter("password").and().logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/").and()
                .exceptionHandling().accessDeniedPage("/denied");
    }

Upvotes: 0

Views: 64

Answers (1)

Aram Yeghiazaryan

Reputation: 26

Try changing .antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN", ...) to .antMatchers("/admin/**").hasAnyRole("ADMIN", ...), as Spring Security adds the ROLE prefix to each role automatically. For example:

    protected void configure(final HttpSecurity http) throws Exception {
        ...
        .antMatchers("/admin/**").hasAnyRole("ADMIN", "USER", ...)
        ...
    }

Upvotes: 1
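
The fix from the answer written out as a full configuration class, together with the user-side half of the comparison. This is an added example, not code from the question or the answer. It assumes Spring Security 5.x with WebSecurityConfigurerAdapter; the class name SecurityConfig, the /reports/** path and the in-memory user are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/login").permitAll()
                // hasAnyRole() prepends "ROLE_" itself: pass the bare role names.
                .antMatchers("/admin/**").hasAnyRole("ADMIN", "PRODUCTION_MANAGER", "FOREMAN")
                // hasAnyAuthority() compares the full authority string, so the
                // prefix is written out here. "/reports/**" is a hypothetical path.
                .antMatchers("/reports/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_FOREMAN")
                .antMatchers("/workingpanel").authenticated()
                .and()
            // Login, logout and denied page as in the question. CSRF protection
            // stays at the framework default in this example (an assumption).
            .formLogin().loginPage("/login").failureUrl("/login?error=true")
                .defaultSuccessUrl("/").usernameParameter("email").passwordParameter("password")
                .and()
            .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/")
                .and()
            .exceptionHandling().accessDeniedPage("/denied");
    }

    // Constructed test user. roles("ADMIN") stores the authority "ROLE_ADMIN",
    // which is the string both matchers above end up comparing against.
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new InMemoryUserDetailsManager(
                User.withUsername("admin@example.com")
                        .password("{noop}constructed-password") // sample value only
                        .roles("ADMIN")
                        .build());
    }
}
```

If the roles come from a database instead, the stored authority string needs to be ROLE_ADMIN for the hasAnyRole("ADMIN", ...) rule to match.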
