1. Symptom:
While testing Spring Security's authorization checks, the API responded with 【服务器端错误,请联系系统管理员!】 ("server-side error, please contact the system administrator"). This is an unfriendly response: a request that was merely denied is reported to the caller as a server fault.
The log showed the following error:
org.springframework.security.access.AccessDeniedException: 不允许访问
The full error is:
```text
2022-10-22 10:50:32.532 ERROR 63820 --- [nio-8093-exec-9] c.f.d.w.c.config.ExceptionHandlerAdvice : 服务器端错误,请联系系统管理员!
org.springframework.security.access.AccessDeniedException: 不允许访问
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:238) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:208) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:58) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.9.jar:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692) ~[spring-aop-5.3.9.jar:5.3.9]
at com.freedo.dev.web.auth.sysmgr.controller.PositionController$$EnhancerBySpringCGLIB$$32f7e3ac.getDataList(<generated>) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_291]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_291]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_291]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_291]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:197) ~[spring-web-5.3.9.jar:5.3.9]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:141) ~[spring-web-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106) ~[spring-webmvc-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) ~[spring-webmvc-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1064) ~[spring-webmvc-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) [spring-webmvc-5.3.9.jar:5.3.9]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) [spring-webmvc-5.3.9.jar:5.3.9]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:655) [tomcat-embed-core-9.0.50.jar:4.0.FR]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) [spring-webmvc-5.3.9.jar:5.3.9]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) [tomcat-embed-core-9.0.50.jar:4.0.FR]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:228) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-embed-websocket-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.9.jar:5.3.9]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.9.jar:5.3.9]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) [spring-security-web-5.5.1.jar:5.5.1]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.3.9.jar:5.3.9]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.3.9.jar:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.3.9.jar:5.3.9]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.9.jar:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.3.9.jar:5.3.9]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.9.jar:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:142) [spring-session-core-2.5.1.jar:2.5.1]
at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82) [spring-session-core-2.5.1.jar:2.5.1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.3.9.jar:5.3.9]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.3.9.jar:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723) [tomcat-embed-core-9.0.50.jar:9.0.50]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.50.jar:9.0.50]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_291]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_291]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.50.jar:9.0.50]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_291]
```
2. Error scenario and conditions:
The authorization on one of my controller methods is configured as follows:
```java
@PreAuthorize("hasAuthority('org:position:user:count')")
@GetMapping("/getDataList")
public IFdApiResult getDataList(Long departmentId) {
    if (departmentId == null) {
        return FdApiResult.fail("Id不能为空!");
    }
    LambdaQueryWrapper<Position> queryWrapper = Wrappers.<Position>lambdaQuery()
            .eq(Position::getDepartmentId, departmentId);
    return FdApiResult.success(baseService.list(queryWrapper));
}
```
I checked my WebSecurityConfigurerAdapter subclass, SecurityConfigWithoutUserDetail:
```java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // enable method-level authorization (@PreAuthorize etc.)
public class SecurityConfigWithoutUserDetail extends WebSecurityConfigurerAdapter {
    @Autowired
    CustomerAuthenticationProvider authenticationProvider;
    /**
     * Handler for a successful login
     */
    @Autowired
    MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
    /**
     * Handler for a failed login
     */
    @Autowired
    MyAuthenticationFailureHandler myAuthenticationFailureHandler;
    /**
     * Handler for unauthenticated requests
     */
    @Autowired
    MyAuthenticationEntryPoint myAuthenticationEntryPoint;
    /**
     * Handler for insufficient permissions
     */
    @Autowired
    MyAccessDeniedHandler myAccessDeniedHandler;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable() // with CSRF enabled, none of the requests get a response
                // configure which requests require authentication
                .authorizeRequests()
                .antMatchers("/api/sysmgr/identity/login").permitAll()
                .antMatchers("/api/redis/test/**", "/api/sysmgr/identity/testRedis", "/api/redis/test/setObjectExpireKey").anonymous()
                .antMatchers("/websocket/**/**/**").permitAll() // allow websocket requests; the pattern must match /websocket/{projId}/{platform}/{sid}
                .anyRequest()
                .authenticated()
                .and()
                .exceptionHandling()
                .authenticationEntryPoint(myAuthenticationEntryPoint) // not logged in
                .accessDeniedHandler(myAccessDeniedHandler) // handler for access without permission
        ;
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
```
I found that my custom myAccessDeniedHandler class was never called; otherwise the response should have been 【没有权限访问】 ("no permission to access"):
```java
@Component("myAccessDeniedHandler")
public class MyAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // CORS handling (note: "*" lets any origin read this response; a fixed allow-list is the safer choice)
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        // allowed request methods
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
        // allowed request headers
        httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
        // set the response content type
        httpServletResponse.setContentType("application/json;charset=utf-8");
        // write the result back to the front end through httpServletResponse
        // ObjectMapper.writeValueAsString (Jackson, bundled with Spring Boot) serializes an object to JSON
        httpServletResponse.getWriter().write(new ObjectMapper().writeValueAsString(FdApiResult.success().setMsg("没有权限访问!")));
    }
}
```
3. Root cause analysis:
The cause: the AccessDeniedException raised by the @PreAuthorize check is not caught by the accessDeniedHandler; it is caught by the global exception handler instead.
The stack trace shows why. The method-level check runs in MethodSecurityInterceptor, i.e. inside the controller invocation, so the exception surfaces within DispatcherServlet, where the @RestControllerAdvice's @ExceptionHandler(Throwable.class) resolves it first (hence the "服务器端错误" log line). It never propagates back out to ExceptionTranslationFilter, which is the component that invokes the configured accessDeniedHandler; that handler only sees denials that reach the filter chain, such as those raised by FilterSecurityInterceptor for URL-level rules.
4. Fix:
So I modified my project's global exception handler class, ExceptionHandlerAdvice, and added a new method:
```java
/**
 * Catch AccessDeniedException, the "no permission" exception thrown by Spring Security
 * @param e the exception
 * @return the API result
 */
@ExceptionHandler(AccessDeniedException.class)
public IFdApiResult handleAccessDeniedException(AccessDeniedException e) {
    return FdApiResult.of(HttpStatus.FORBIDDEN.value(), ACCESS_DENIED_MSG);
}
```
The complete class looks like this:
```java
@Slf4j
@RestControllerAdvice
public class ExceptionHandlerAdvice {
    private static final String ERROR_MSG = "服务器端错误,请联系系统管理员!";
    private static final String ACCESS_DENIED_MSG = "无权限访问,请联系系统管理员!";

    @ExceptionHandler(Throwable.class)
    public IFdApiResult exception(Throwable throwable) {
        log.error(ERROR_MSG, throwable);
        return FdApiResult.of(HttpStatus.INTERNAL_SERVER_ERROR.value(), ERROR_MSG);
    }

    @ExceptionHandler(BizException.class)
    public IFdApiResult bizException(BizException throwable) {
        log.error(throwable.getMessage(), throwable);
        return FdApiResult.of(throwable.getCode(), throwable.getMessage());
    }

    /**
     * Catch AccessDeniedException, the "no permission" exception thrown by Spring Security
     * @param e the exception
     * @return the API result
     */
    @ExceptionHandler(AccessDeniedException.class)
    public IFdApiResult handleAccessDeniedException(AccessDeniedException e) {
        return FdApiResult.of(HttpStatus.FORBIDDEN.value(), ACCESS_DENIED_MSG);
    }
}
```
Re-test:
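The following is an added example, not the post's own code, showing two things the fix above leaves open: the HTTP status should match the JSON code (a plain return value from an @ExceptionHandler is sent as 200), and a denied request should be logged as an authorization event rather than an ERROR with a stack trace; it also shows the alternative of rethrowing so that the configured MyAccessDeniedHandler answers. It assumes the post's IFdApiResult type and FdApiResult.of(int, String); the class name AccessDeniedAdvice is mine.

```java
import javax.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;

// Added example (not the original post's code). Assumes the post's IFdApiResult /
// FdApiResult.of(int, String) types and the same Lombok @Slf4j logger the post uses.
@Slf4j
@RestControllerAdvice
public class AccessDeniedAdvice {

    private static final String ACCESS_DENIED_MSG = "无权限访问,请联系系统管理员!";
    private static final String ERROR_MSG = "服务器端错误,请联系系统管理员!";

    // Option A: answer the denial here, as the post does, but (1) set the HTTP status so it
    // matches the JSON code instead of the 200 a bare return value produces, and (2) log at
    // WARN with who was denied what, which is what an alert on authorization failures needs.
    @ExceptionHandler(AccessDeniedException.class)
    @ResponseStatus(HttpStatus.FORBIDDEN)
    public IFdApiResult handleAccessDenied(AccessDeniedException e, HttpServletRequest request) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String principal = (auth == null) ? "<none>" : auth.getName();
        log.warn("access denied: principal={} {} {} reason={}",
                principal, request.getMethod(), request.getRequestURI(), e.getMessage());
        return FdApiResult.of(HttpStatus.FORBIDDEN.value(), ACCESS_DENIED_MSG);
    }

    // Option B (remove handleAccessDenied above to use it): let Spring Security's
    // ExceptionTranslationFilter and the configured MyAccessDeniedHandler answer. Rethrowing
    // the original exception makes ExceptionHandlerExceptionResolver treat it as unresolved,
    // so it leaves the DispatcherServlet wrapped in a ServletException; the filter unwraps
    // the cause chain and calls the AccessDeniedHandler. Either way, a 403 is no longer an ERROR.
    @ExceptionHandler(Throwable.class)
    @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
    public IFdApiResult catchAll(Throwable t) throws Throwable {
        if (t instanceof AccessDeniedException) {
            throw t;
        }
        log.error(ERROR_MSG, t);
        return FdApiResult.of(HttpStatus.INTERNAL_SERVER_ERROR.value(), ERROR_MSG);
    }
}
```

With option A, verify the behaviour with a user that lacks org:position:user:count: the response must now be HTTP 403 with the JSON body, and the log must show a single WARN line instead of the stack trace shown in section 1.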