1. ホーム
  2. 質問と答え
  3. SpringBootとSpringセキュリティが認証されていない

SpringBootとSpringセキュリティが認証されていない

2016-09-08 12 views
0

基本的なセキュリティ(User、Role)を持つSpringBootアプリケーションを作成しました。その後、私はパーミッションでアプリケーションを拡張したいが、私のアプリがもう認証されないのでスタックしてしまう。SpringBootとSpringセキュリティが認証されていない

エンティティとサービスを追加/変更しました。

だから私は、このリソースを取得しようとしたとき:http://localhost:8080/user/list私が好きなログインページが、入って来たが、私はこれでAccessDenied exceptionを得たユーザーの資格情報を入力すると、すべてのリソースの魔女が@PreAuthorizeでアノテートされて起こるです。

コントローラのサンプル:

@Controller 
public class UserController { 
    @RequestMapping("/user/list") 
    @PreAuthorize("hasRole('PERM_READ_USER')") 
    public String listUsers(Model model){ 
     return "user/list"; 
    } 

    @RequestMapping("/user/show") 
    public String getUser(){ 
     return "user/show"; 
    }

デバッグ情報:

2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/address/list] 
2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /address/list 
2016-09-08 16:10:06.458 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.AddressController.listAddresses()] 
2016-09-08 16:10:06.459 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet  : Last-Modified value for [/address/list] is: -1 
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .m.m.a.ExceptionHandlerExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied 
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .w.s.m.a.ResponseStatusExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied 
2016-09-08 16:10:06.460 DEBUG 22958 --- [nio-8080-exec-9] .w.s.m.s.DefaultHandlerExceptionResolver : Resolving exception from handler [public java.lang.String com.example.controllers.AddressController.listAddresses()]: org.springframework.security.access.AccessDeniedException: Access is denied 
2016-09-08 16:10:06.465 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet  : Could not complete request 

org.springframework.security.access.AccessDeniedException: Access is denied 
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:65) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at com.example.controllers.AddressController$$EnhancerBySpringCGLIB$$d75cbf26.listAddresses(<generated>) ~[classes/:na] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_101] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_101] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_101] 
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_101] 
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_101] 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_101] 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101] 

2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/login] 
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login 
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.IndexController.loginForm()] 
2016-09-08 16:10:06.480 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet  : Last-Modified value for [/login] is: -1 
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*]) 
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'login' 
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [[email protected]] based on requested media type 'text/html' 
2016-09-08 16:10:06.482 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet  : Rendering view [[email protected]] in DispatcherServlet with name 'dispatcherServlet' 
2016-09-08 16:10:06.485 DEBUG 22958 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet  : Successfully completed request 
2016-09-08 16:10:06.583 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/jquery/2.1.4/jquery.min.js] 
2016-09-08 16:10:06.583 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] 
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/jquery/2.1.4/jquery.min.js 
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/bootstrap/3.3.4/css/bootstrap.min.css 
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] 
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are [/webjars/**, /**] 
2016-09-08 16:10:06.584 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are {} 
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[[email protected]42c098]]] and 1 interceptor 
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet  : Last-Modified value for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] is: -1 
2016-09-08 16:10:06.585 DEBUG 22958 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/jquery/2.1.4/jquery.min.js] 
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/jquery/2.1.4/jquery.min.js] are [/webjars/**, /**] 
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/jquery/2.1.4/jquery.min.js] are {} 
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/jquery/2.1.4/jquery.min.js] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[[email protected]42c098]]] and 1 interceptor 
2016-09-08 16:10:06.586 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet  : Last-Modified value for [/webjars/jquery/2.1.4/jquery.min.js] is: -1 
2016-09-08 16:10:06.589 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet  : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling 
2016-09-08 16:10:06.589 DEBUG 22958 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet  : Successfully completed request 
2016-09-08 16:10:06.595 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet  : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling 
2016-09-08 16:10:06.597 DEBUG 22958 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet  : Successfully completed request

しかし、私は単に/loginを呼び出すと、私は資格情報を入力しても何も起こらない提出します。

私はこのケースでは、このデバッグ情報を取得:

2016-09-08 16:16:29.567 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/login] 
2016-09-08 16:16:29.570 DEBUG 22958 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login 
2016-09-08 16:16:29.570 DEBUG 22958 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String com.example.controllers.IndexController.loginForm()] 
2016-09-08 16:16:29.571 DEBUG 22958 --- [io-8080-exec-10] o.s.web.cors.DefaultCorsProcessor  : Skip CORS processing: request is from same origin 
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*]) 
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'login' 
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [[email protected]] based on requested media type 'text/html' 
2016-09-08 16:16:29.572 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet  : Rendering view [[email protected]] in DispatcherServlet with name 'dispatcherServlet' 
2016-09-08 16:16:29.576 DEBUG 22958 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet  : Successfully completed request 
2016-09-08 16:16:29.659 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/jquery/2.1.4/jquery.min.js] 
2016-09-08 16:16:29.659 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/jquery/2.1.4/jquery.min.js 
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/jquery/2.1.4/jquery.min.js] 
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/jquery/2.1.4/jquery.min.js] are [/webjars/**, /**] 
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/jquery/2.1.4/jquery.min.js] are {} 
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/jquery/2.1.4/jquery.min.js] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[[email protected]42c098]]] and 1 interceptor 
2016-09-08 16:16:29.660 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet  : Last-Modified value for [/webjars/jquery/2.1.4/jquery.min.js] is: -1 
2016-09-08 16:16:29.666 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] 
2016-09-08 16:16:29.667 DEBUG 22958 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /webjars/bootstrap/3.3.4/css/bootstrap.min.css 
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet  : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling 
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet  : Successfully completed request 
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] 
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are [/webjars/**, /**] 
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] are {} 
2016-09-08 16:16:29.668 DEBUG 22958 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/webjars/]], resolvers=[[email protected]42c098]]] and 1 interceptor 
2016-09-08 16:16:29.669 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet  : Last-Modified value for [/webjars/bootstrap/3.3.4/css/bootstrap.min.css] is: -1 
2016-09-08 16:16:29.671 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet  : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling 
2016-09-08 16:16:29.671 DEBUG 22958 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet  : Successfully completed request

マイuserDetailsS​​ervice:

@Service("userDetailsService") 
public class SpringSecurityUserdetailsServiceImpl implements UserDetailsService { 

    private UserService userService; 
    private Converter<User, UserDetails> userToUserDetailsConverter; 

    @Autowired 
    public void setUserService(UserService userService) { 
     this.userService = userService; 
    } 

    @Autowired 
    @Qualifier(value = "userToUserDetails") 
    public void setUserUserDetailsConverter(Converter<User, UserDetails> userUserDetailsConverter) { 
     this.userToUserDetailsConverter = userUserDetailsConverter; 
    } 

    @Override 
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
     return userToUserDetailsConverter.convert(userService.findByUsername(username)); 
    } 
}

マイセキュリティ設定:また

@Override 
protected void configure(HttpSecurity httpSecurity) throws Exception { 
    httpSecurity.csrf().ignoringAntMatchers("/h2-console").disable() 
      .authorizeRequests().antMatchers("/**/favicon.ico") .permitAll() 
      .and().authorizeRequests().antMatchers("/webjars/**").permitAll() 
      .and().authorizeRequests().antMatchers("/static/css").permitAll() 
      .and().authorizeRequests().antMatchers("/js").permitAll() 
      .and().formLogin().loginPage("/").permitAll() 
      .and().formLogin().loginPage("/login").permitAll() 
      .and().exceptionHandling().accessDeniedPage("/access_denied"); 
}

マイプロジェクトhttps://github.com/eszikk/spring-security/tree/spring-security-database-permissionsで利用できます。あなたは何か考えているなら私に知らせてください。 Br、

出典

2016-09-08 eszik.k

答えて

1

あなたのセキュリティ設定でこのルートを許可していないため、リクエストはコントローラに届かない場合があります。

次のいずれかを追加する必要があります

.antMatchers("/user/**").hasAnyRole("ADMIN") 


.antMatchers("/user/**").hasAnyAuthority("ROLE_ADMIN")

- または - (どちらの場合も 'ROLE_' プレフィックスを気)。

また、あなたはすべての認証されたユーザーには任意のURLへのアクセスを許可するグローバル

.anyRequest().authenticated()

マッチャーを追加することができます。次に、コントローラの@PreAuthorizeロジックを使用して、アクセスを微調整することができます。

また「.authorizeRequests()」の呼び出しは、あなたができることを意味する、連鎖することができます:

  .authorizeRequests() 
      .antMatchers("/**/favicon.ico") .permitAll() 
      .antMatchers("/webjars/**").permitAll() 
      .antMatchers("/static/css").permitAll() 
      .antMatchers("/js").permitAll() 
      .anyRequest().authenticated()

出典

2016-09-08 15:50:41 vtosh

+0

私はセキュリティの設定を変更したが、まだ動作していない、あなたの提案を試してみました。問題は認証の代わりに認証に関連していると思います。あなたの答えをありがとう。 –

関連する問題

 関連する問題