org.springframework.security.access.AccessDeniedException: Access is denied

最新推荐文章于 2024-04-30 22:38:19 发布
最新推荐文章于 2024-04-30 22:38:19 发布
阅读量1k 收藏
点赞数
分类专栏: BUG 文章标签: servlet spring java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_39354140/article/details/129153453
版权

问题描述

使用SpringSecurity时,已经允许登录接口匿名访问:
在这里插入图片描述

还是报错:

org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.6.7.jar:5.6.7]
	at org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator.isAllowed(DefaultWebInvocationPrivilegeEvaluator.java:100) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator.isAllowed(DefaultWebInvocationPrivilegeEvaluator.java:67) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.isAllowed(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.java:76) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.boot.web.servlet.filter.ErrorPageSecurityFilter.isAllowed(ErrorPageSecurityFilter.java:88) [spring-boot-2.6.11.jar:2.6.11]
	at org.springframework.boot.web.servlet.filter.ErrorPageSecurityFilter.doFilter(ErrorPageSecurityFilter.java:76) [spring-boot-2.6.11.jar:2.6.11]
	at org.springframework.boot.web.servlet.filter.ErrorPageSecurityFilter.doFilter(ErrorPageSecurityFilter.java:70) [spring-boot-2.6.11.jar:2.6.11]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:337) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:87) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) [spring-web-5.3.22.jar:5.3.22]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) [spring-web-5.3.22.jar:5.3.22]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) [spring-web-5.3.22.jar:5.3.22]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) [spring-security-web-5.6.7.jar:5.6.7]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) [spring-web-5.3.22.jar:5.3.22]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) [spring-web-5.3.22.jar:5.3.22]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.3.22.jar:5.3.22]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.22.jar:5.3.22]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) [spring-web-5.3.22.jar:5.3.22]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) [spring-web-5.3.22.jar:5.3.22]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:711) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:385) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:313) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:403) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:249) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.65.jar:9.0.65]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_281]

原因

在过滤器中使用 SecurityContextHolder 对所有请求都进行了授权,而 .anonymous() 只允许未授权的请求访问
在这里插入图片描述

解决方法

在过滤器中将授权业务放在token验证后,token为空的直接放行,不进行授权
在这里插入图片描述

ppo_wu
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
拒绝访问异常处理(AccessDeniedException)_spring security例子
09-23
拒绝访问异常处理(AccessDeniedException)_spring security例子 博客:blog.csdn.net/dsundsun
【解决】分析SpringSecurity访问请求权限不足AccessDeniedException问题
sunao1106的博客
08-13 5924
> 该方法中首先调用了`this.obtainSecurityMetadataSource().getAttributes(object)`方法,通过当前请求路径获取到**访问该请求所需要的权限**(object是上一步调用传过来的参数,封装了我们请求路径的一些信息)。.........
Spring Security出现问题:Access is denied
uouj3766的博客
03-24 4578
报错情况如下: 在登录的时候报错,如下: org.springframework.security.access.AccessDeniedException: Access is denied spring-security.xml代码: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.spr...
java操作elasticsearch5.x的demo
08-08
java操作elasticsearch的简单demo,简单好用,易理解,谢谢各位支持
Spring Security出现问题:Access is denied 及我的解决方案
热门推荐
txd2016_5_11的博客
01-24 6万+
近日使用spring security,xml文件如下: ...... <!-- 页面拦截规则 --> <http pattern="/shoplogin.html" security="none"></http> <http pattern="/loginerror.html" security="none"></http> ...
spring security异常记录:org.springframework.security.access.AccessDeniedException: Access is denied
qq_56769991的博客
02-11 2万+
最近在做ssm项目的时候用到spring security时遇到了异常,如下所示: 15:06:28,144 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@52dd6d71: Principal: anonymousUser; Credentials: [PROTECTED]; .
解决org.springframework.security.access.AccessDeniedException: Access is denied at org.springframewor
qq_52227892的博客
09-15 2428
anonymous() 用于明确指定只允许未经身份验证的用户访问,如果用户进行了身份验证反而不能访问,这种配置一般用于登录、注册页面,用户未登录时候可以访问,登录之后不能访问,而 .permitAll()用于明确指定允许所有用户(包括已登录的用户)访问。
org.springframework.security.access.AccessDeniedException: 不允许访问
louis_lee7812的专栏
10-22 7167
org.springframework.security.access.AccessDeniedException: 不允许访问。原因是:@PreAuthorize 注解的异常,抛出AccessDeniedException异常,不会被accessDeniedHandler捕获,而是会被全局异常捕获。
关于org.springframework.security.access.AccessDeniedException: Access is denied问题
San_Chi的博客
08-07 2万+
启动程序,一直登陆不进去 点击登陆按钮却一直在登陆页面,后台报错org.springframework.security.access.AccessDeniedException: Access is denied 具体错误信息如下: org.springframework.security.access.AccessDeniedException: Access is denied at or...
spring security刚打开页面报org.springframework.security.access.AccessDeniedException: Access is denied
jhbjhbk的博客
02-20 2474
spring securityAccess is denied异常处理      访问时刚打开也面报错,但可以登录,下面是我遇到这个情况的解决 org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.se...
粒子创造宇宙学的两流体解决方案
04-29
研究了由时变引力场结合连续粒子产生驱动的宇宙演化。 在广义相对论的背景下,我们考虑具有两种物质流体的空间平坦,均匀且各向同性的宇宙。 一种流体被赋予重力诱导的“绝热”粒子生成,而第二种流体仅满足能量守恒...
java NIO详细教程
10-09
java NIO详细教程,包括使用背景,实现原理,代码实现
solr部署技术文档。
03-21
自己做的可以用,自己做的可以用自己做的可以用自己做的可以用自己做的可以用
Spring AI 抢先体验,5 分钟玩转 Java AI 应用开发
阿里巴巴云原生的博客
04-29 836
Spring Cloud Alibaba AI 以 Spring AI 为基础,并在此基础上提供阿里云通义系列大模型全面适配,让用户在 5 分钟内开发基于通义大模型的 Java AI 应用。
SpringBoot中实现发送邮件
m0_64289188的博客
04-30 382
当你添加了spring-boot-starter-mail依赖后,Spring Boot会自动配置JavaMailSender实例,并根据application.yml文件中的属性来配置这个实例。你可以直接在需要发送邮件的地方通过@Autowired注解将JavaMailSender实例注入到你的类中,然后使用它来发送邮件。:首先,需要在你的pom.xml文件中添加Spring Boot的邮件发送器依赖。,简化了在Spring Boot应用程序中发送电子邮件的设置过程。Spring Boot的。
springboot 获取maven打包时间
I do more ,you do less
04-30 242
【代码】springboot 获取maven打包时间。
springboot整合webflux,mono
qq_19891197的博客
04-30 156
springboot整合webflux,mono
2 Spring IoC
最新发布
qq_24907431的博客
04-30 287
该属性是 Bean 实例的唯一标识,程序通过 id 属性访问 Bean,Bean 与 Bean 间的依赖关系也是通过 id 属性关联的。:该属性是 Bean 实例的唯一标识,程序通过 id 属性访问 Bean,Bean 与 Bean 间的依赖关系也是通过 id 属性关联的。:指定该 Bean 所属的类,注意这里只能是类,不能是接口。创建一个工程名为 spring-ioc-demo 的项目,:指定该 Bean 所属的类,注意这里只能是类,不能是接口。
SpringCloudAlibaba:2.nacos
m0_63040701的博客
04-26 932
Nacos是阿里巴巴开源的服务注册中心以及配置中心Nacos=注册中心Eureka + 服务配置Config + 服务总线Bus。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值