【发布时间】:2017-01-03 11:47:09
【问题描述】:
我已经使用 WebSecurityConfigAdapter 中的方法为页面配置了我的授权:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//super.configure(http);
http.servletApi().rolePrefix("");
http
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
http.csrf().disable();
http.authorizeRequests().antMatchers("/patient/mobile.mvc").hasRole("USER_PATIENT").and().formLogin();
http.authorizeRequests().antMatchers("/registration/**").hasRole("USER_RECEPTIONIST").and().formLogin();
http.authorizeRequests().antMatchers("/doctor/**").hasRole("USER_DOCTOR").and().formLogin();
}
在我的 userDetailsService 我有以下方法,给用户他的凭据:
public UserDetails loadUserByUsername(String userEmail) throws UsernameNotFoundException {
// 1: Check if exist receptionist with given name
Receptionist receptionist = loginService.getReceptionistByEmail(userEmail);
if (receptionist != null) {
return createReceptionistUserDetail(receptionist);
}
...
}
private UserDetails createReceptionistUserDetail(Receptionist receptionist) {
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
grantedAuthorities.add(new SimpleGrantedAuthority("USER_RECEPTIONIST"));
UserDetails ud = new User(receptionist.getEmail(), receptionist.getPasswordHash(), grantedAuthorities);
return ud;
}
我在不勾选角色的情况下正常认证和访问没有问题,但是当我添加了基于角色的访问时,任何用户都无法访问他的网页。
这里可能有什么错误?
【问题讨论】:
标签: spring security authorization