org.springframework.security.access.AccessDeniedException: Access is denied

最新推荐文章于 2023-09-15 08:45:08 发布
最新推荐文章于 2023-09-15 08:45:08 发布
阅读量1k 收藏
点赞数
分类专栏: debug 文章标签: java spring
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Fanor_/article/details/106023673
版权

org.springframework.security.access.AccessDeniedException: Access is denied

黑马权限管理系统项目pring security部分

org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

我的解决办法

通过仔细对照课程源代码后,最后得到了解决,检查以下几个地方:

1.数据库

select * from users_role;
select * from role_permission;

检查这两张表查出来的数据是否一致:user有没有对应的role,以及有没有对应的permission。

2.spring-security.xml部分

1、首先检查index.jsp、failer.jsp、login.jsp是否在webapp目录下
2、然后在对照以下配置检查(我用是没问题的)。
···

<?xml version="1.0" encoding="UTF-8"?> 

<!-- 配置不拦截的资源 -->
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/failer.jsp" security="none"/>
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/img/**" security="none"/>
<security:http pattern="/plugins/**" security="none"/>
<!--
    配置具体的规则
    auto-config="true"	不用自己编写登录的页面,框架提供默认登录页面
    use-expressions="false"	是否使用SPEL表达式(没学习过)
-->
<security:http auto-config="true" use-expressions="false">
	<!-- 配置具体的拦截的规则 pattern="请求路径的规则" access="访问系统的人,必须有ROLE_USER的角色" -->
	<security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>

	<!-- 定义跳转的具体的页面 -->
	<security:form-login
			login-page="/login.jsp"
			login-processing-url="/login.do"
			default-target-url="/index.jsp"
			authentication-failure-url="/failer.jsp"
			authentication-success-forward-url="/pages/main.jsp"
	/>

	<!-- 关闭跨域请求 -->
	<security:csrf disabled="true"/>
	<!-- 退出 -->
	<security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" />

</security:http>

<!-- 切换成数据库中的用户名和密码 -->
<security:authentication-manager>
	<security:authentication-provider user-service-ref="userService">
		<!-- 配置加密的方式
        <security:password-encoder ref="passwordEncoder"/>-->
	</security:authentication-provider>
</security:authentication-manager>

<!-- 配置加密类 -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

<!-- 提供了入门的方式,在内存中存入用户名和密码
<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>
-->
```

3.检查login.jsp

检查是否是/login.do 和 post

<!-- /.login-logo -->
		<div class="login-box-body">
			<p class="login-box-msg">登录系统</p>

			<form action="${pageContext.request.contextPath}/login.do" method="post">
				<div class="form-group has-feedback">
					<input type="text" name="username" class="form-control"
						placeholder="用户名"> <span
						class="glyphicon glyphicon-envelope form-control-feedback"></span>
				</div>

检查web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- 配置加载类路径的配置文件 -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:applicationContext.xml,classpath*:spring-security.xml</param-value>
    </context-param>

    <!-- 配置监听器 -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- 前端控制器(加载classpath:springmvc.xml 服务器启动创建servlet) -->
    <servlet>
        <servlet-name>dispatcherServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <!-- 配置初始化参数,创建完DispatcherServlet对象,加载springmvc.xml配置文件 -->
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-mvc.xml</param-value>
        </init-param>
        <!-- 服务器启动的时候,让DispatcherServlet对象创建 -->
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcherServlet</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>

    <!-- 解决中文乱码过滤器 -->
    <filter>
        <filter-name>characterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>characterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>
</web-app>
rofanor
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
解决:org.springframework.security.access.AccessDeniedException: Access is denied
东天里的冬天
06-30 6万+
最近在使用SpringSecurity时涉及到从数据库中获取用户,结果一直报错,错误如下 Secure object: FilterInvocation: URL: /index.jsp; Attributes: [hasRole('ROLE_USER')] 2017-06-29 23:02:27 731 [DEBUG] Previously Authenticated: org.springf
拒绝访问异常处理(AccessDeniedException)_spring security例子
09-23
拒绝访问异常处理(AccessDeniedException)_spring security例子 博客:blog.csdn.net/dsundsun
spring security异常记录:org.springframework.security.access.AccessDeniedException: Access is denied
qq_56769991的博客
02-11 2万+
最近在做ssm项目的时候用到spring security时遇到了异常,如下所示: 15:06:28,144 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@52dd6d71: Principal: anonymousUser; Credentials: [PROTECTED]; .
解决org.springframework.security.access.AccessDeniedException: Access is denied at org.springframewor
最新发布
qq_52227892的博客
09-15 3137
anonymous() 用于明确指定只允许未经身份验证的用户访问,如果用户进行了身份验证反而不能访问,这种配置一般用于登录、注册页面,用户未登录时候可以访问,登录之后不能访问,而 .permitAll()用于明确指定允许所有用户(包括已登录的用户)访问。
关于org.springframework.security.access.AccessDeniedException: Access is denied问题
热门推荐
San_Chi的博客
08-07 2万+
启动程序,一直登陆不进去 点击登陆按钮却一直在登陆页面,后台报错org.springframework.security.access.AccessDeniedException: Access is denied 具体错误信息如下: org.springframework.security.access.AccessDeniedException: Access is denied at or...
spring security刚打开页面报org.springframework.security.access.AccessDeniedException: Access is denied
jhbjhbk的博客
02-20 2529
spring securityAccess is denied异常处理      访问时刚打开也面报错,但可以登录,下面是我遇到这个情况的解决 org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.se...
spring-security.rar
08-30
<groupId>org.springframework.boot <artifactId>spring-boot-starter-security ``` 一旦依赖添加完成,Spring Security 将自动启用,并提供默认的安全配置。然而,在实际项目中,我们通常需要根据业务需求进行...
Spring-Security2.0.zip
08-29
这些文件可能包括Spring Security的核心库、依赖的Spring Framework版本以及其他必要的库,比如数据库驱动或加密库。这些jar文件用于构建项目类路径,确保Spring Security能正常工作。 在实际项目中,开发者需要...
Spring Security 3.x 完整入门教程 源代码
03-10
2. **访问控制**:Spring Security 的核心概念之一是访问决策管理器(Access Decision Manager),它决定了用户是否被允许访问某个资源。使用`@Secured`或`@PreAuthorize`等注解可以实现方法级别的权限控制,而`...
Spring Security 2.0.x Sample Code
12-01
8. **异常处理**:Spring Security提供了自定义的异常类,如`AccessDeniedException`和`AuthenticationException`,用于处理安全相关的错误。这些异常会被转换为相应的HTTP响应状态码,如403(禁止访问)和401(未...
Spring Security 2.0 参考手册.pdf
04-13
7. **异常处理**:Spring Security有内置的异常处理机制,当安全检查失败时,会抛出相应的异常,如`AccessDeniedException`(权限不足)和`AuthenticationException`(认证失败)。这些异常可以被自定义的错误页面...
HAP框架-SpringSecurity入门手册.zip
10-04
SpringSecurity是Java领域中一款强大的安全框架,广泛应用于构建安全的Web应用。HAP框架(假设为Highly Advanced Platform)可能是一个集成SpringSecurity的高级应用平台。本入门手册将引导我们深入了解如何在HAP...
System.Login-Java-Spring-:系统登录
05-01
- 未授权访问:当用户尝试访问未授权的资源时,Spring Security会抛出`AccessDeniedException`,可配置`AccessDeniedHandler`来处理这种情况。 6. **记住我功能**: - Spring Security的`RememberMeServices`允许...
spring-security1.zip
10-15
5. **异常处理(Exception Handling)**:Spring Security提供了自定义异常处理机制,例如当用户尝试访问未授权的资源时,系统会抛出`AccessDeniedException`,你可以配置相应的错误页面或者处理逻辑。 6. **记住我...
关于org.springframework.security.AccessDeniedException: Access is denied
Alex Zhou
05-06 2004
在做系统权限管理时使用了springsecurity,出现了如下问题,当一个未授权的用户访问一个被保护的方法时,抛出org.springframework.security.AccessDeniedException: Access is denied。未转到指定的拒绝访问页面,但是当该用户访问被保护的页面时,却能成功转向指定的拒绝访问页面。异常如下:   org.springframewor...
org.springframework.security.access.AccessDeniedException: 不允许访问
louis_lee7812的专栏
10-22 7700
org.springframework.security.access.AccessDeniedException: 不允许访问。原因是:@PreAuthorize 注解的异常,抛出AccessDeniedException异常,不会被accessDeniedHandler捕获,而是会被全局异常捕获。
【已解决】org.springframework.security.access.AccessDeniedException: Access is denied
weixin_46539792的博客
04-17 1万+
错误:org.springframework.security.access.AccessDeniedException: Access is denied 在学习黑马培训班权限管理系统项目学习到day04的知识点查询用户时,发现正常登录没问题,但是点击导航栏的菜单提示403错误,权限不足,错误提示如下: 控制台错误提示如下: org.springframework.security.acces...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值