关于sping-security的Access is denied问题,可以正常登陆

最新推荐文章于 2024-07-18 00:55:55 发布
最新推荐文章于 2024-07-18 00:55:55 发布
阅读量2.4k 收藏 2
点赞数 5
分类专栏: 框架配置 文章标签: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u013268066/article/details/104289554
版权

使用Spring Security的时候可以登陆,功能也正常使用但是启动日志报了Access is denied。找了一些回答都不是我想要的,就自己研究了一下,首先这个日志是Debug级别的,那就说明不是报错是调试才能看到的,跟进源码

public class AffirmativeBased extends AbstractAccessDecisionManager {
    public AffirmativeBased(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
        super(decisionVoters);
    }

    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException {
        int deny = 0;
        Iterator var5 = this.getDecisionVoters().iterator();

        while(var5.hasNext()) {
            AccessDecisionVoter voter = (AccessDecisionVoter)var5.next();
            int result = voter.vote(authentication, object, configAttributes);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Voter: " + voter + ", returned: " + result);
            }

            switch(result) {
            case -1:
                ++deny;
                break;
            case 1:
                return;
            }
        }

        if (deny > 0) {
            throw new AccessDeniedException(this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
        } else {
            this.checkAllowIfAllAbstainDecisions();
        }
    }
}

发现是被拦截导致的,我的是在启动时候报的错,那就是说启动时候有请求被拦截了;启动时候发起的请求就只有web.xml配置的启动页了,OK,问题找到了。

解决也就很简单了,将web.xml的启动页改为Security的放行页就OK了。

报错日志:

2020-02-13 00:55:55,283 7703   [nio-8080-exec-4] DEBUG cept.FilterSecurityInterceptor  - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@573465d5: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2020-02-13 00:55:55,286 7706   [nio-8080-exec-4] DEBUG y.access.vote.AffirmativeBased  - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5407b410, returned: -1
2020-02-13 00:55:55,286 7706   [nio-8080-exec-4] DEBUG ess.ExceptionTranslationFilter  - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:109)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:109)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:109)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
2020-02-13 00:55:55,310 7730   [nio-8080-exec-4] DEBUG equest.HttpSessionRequestCache  - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/role-manager-web/]
2020-02-13 00:55:55,311 7731   [nio-8080-exec-4] DEBUG ess.ExceptionTranslationFilter  - Calling Authentication entry point.
2020-02-13 00:55:55,311 7731   [nio-8080-exec-4] DEBUG ty.web.DefaultRedirectStrategy  - Redirecting to 'http://localhost:8080/role-manager-web/login.jsp'
2020-02-13 00:55:55,311 7731   [nio-8080-exec-4] DEBUG ssionSecurityContextRepository  - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-02-13 00:55:55,311 7731   [nio-8080-exec-4] DEBUG curityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed
2020-02-13 00:55:55,336 7756   [nio-8080-exec-5] DEBUG .matcher.AntPathRequestMatcher  - Checking match of request : '/login.jsp'; against '/login.jsp'
2020-02-13 00:55:55,336 7756   [nio-8080-exec-5] DEBUG .security.web.FilterChainProxy  - /login.jsp has an empty filter list

 

梅子没有酒
关注
专栏目录
Spring Security出现问题Access is denied
uouj3766的博客
03-24 4765
报错情况如下: 在登录的时候报错,如下: org.springframework.security.access.AccessDeniedException: Access is denied spring-security.xml代码: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.spr...
有关spring security的错误之 AccessDeniedException: Access is denied
xiao__shun的博客
07-26 1万+
AccessDeniedException: Access is denied 没有访问权限 解决方法有以下几种 1,form表单对应spring security的配置文件一定一样 spring security的配置文件代替了controller层 2 spring security的配置文件一定可以找到service层 3 在数据库中设置的...
解决org.springframework.security.access.AccessDeniedException: Access is denied at org.springframewor
qq_52227892的博客
09-15 3559
anonymous() 用于明确指定只允许未经身份验证的用户访问,如果用户进行了身份验证反而不能访问,这种配置一般用于登录、注册页面,用户未登录时候可以访问,登录之后不能访问,而 .permitAll()用于明确指定允许所有用户(包括已登录的用户)访问。
org.springframework.security.access.AccessDeniedException: Access is denied
fanjunf的博客
07-18 241
org.springframework.security.access.AccessDeniedException: Access is denied
学习Spring Security出现问题Access is denied。我的问题是这样解决的。
T1072029017的博客
03-09 7495
今天学习黑马SSM整合案例【企业权限管理系统】,在学习Spring Security时遇到了问题spring-security.xml配置文件如下: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:secu...
Spring Security出现问题Access is denied 及我的解决方案
热门推荐
txd2016_5_11的博客
01-24 6万+
近日使用spring security,xml文件如下: ...... <!-- 页面拦截规则 --> <http pattern="/shoplogin.html" security="none"></http> <http pattern="/loginerror.html" security="none"></http> ...
spring Security登录报错:Access is denied (user is anonymous); redirecting to authentication entry point
m0_46364526的博客
04-25 7149
错误描述 最近在做黑马的管理系统练习,在使用spring security进行登录验证时报错:Access is denied (user is anonymous); redirecting to authentication entry point 报错信息如下: 使用的spring-security.xml文件如下: 错误分析 我在网上查阅了各种导致Access is denied (user is anonymous)的解决办法,都无法解决我的问题,我转换思路,由于我是在未进入登录页面是就出现此
sping-boot-shiro-jwt-redis-refreshtoken.zip
08-25
标题 "sping-boot-shiro-jwt-redis-refreshtoken.zip" 暗示这是一个关于Spring Boot、Shiro、JWT(JSON Web Token)以及Redis整合的项目,用于实现权限管理和安全认证,特别是涉及到Token的自动刷新功能。...
sping-cloud-advance
06-27
SpringBoot统一异常处理及实战源码
sping-mvc-proj
05-27
通过学习 "sping-mvc-proj",你可以掌握 Spring MVC 的基本概念和实践技巧,包括请求处理、视图解析、依赖注入、AOP(面向切面编程)、事务管理等方面。这将有助于你开发出高效、可维护的 Java Web 应用程序。在实际...
sping-boot-shiro-jwt-redis.zip
07-22
通过以上步骤,我们可以实现一个安全、高效的身份验证和授权系统,用户在Token即将过期时无需重新登录,只需接收新的Token即可继续操作,提升了整体系统的用户体验。 总的来说,Spring Boot、Shiro、JWT和Redis的...
拒绝访问异常处理(AccessDeniedException)_spring security例子
09-23
拒绝访问异常处理(AccessDeniedException)_spring security例子 博客:blog.csdn.net/dsundsun
sping-mybatis.rar
05-14
学习
spring security异常记录:org.springframework.security.access.AccessDeniedException: Access is denied
qq_56769991的博客
02-11 2万+
最近在做ssm项目的时候用到spring security时遇到了异常,如下所示: 15:06:28,144 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@52dd6d71: Principal: anonymousUser; Credentials: [PROTECTED]; .
spring security刚打开页面报org.springframework.security.access.AccessDeniedException: Access is denied
jhbjhbk的博客
02-20 2551
spring securityAccess is denied异常处理      访问时刚打开也面报错,但可以登录,下面是我遇到这个情况的解决 org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.se...
使用spring-security时出现的两个错误Access is denied和Bad credentials
weixin_46133437的博客
03-24 456
和别人综合一下,都是看的某马的视频 1 Access is denied 第一次改的是login.jsp 这是spring-security.xml中定义跳转的具体页面那块 让上边这俩图里的路径一样就行。 2 Access is denied 第二次还是有这个错误 就把这里添加上不拦截index页面 3 Bad credentials 一直登录失败,并且报这个错,原因是 把用户的密码加密给...
使用SecurityAccess is denied
weixin_54236682的博客
10-25 311
使用Security时出现 Access is denied问题
关于org.springframework.security.AccessDeniedException: Access is denied
Alex Zhou
05-06 2033
在做系统权限管理时使用了springsecurity,出现了如下问题,当一个未授权的用户访问一个被保护的方法时,抛出org.springframework.security.AccessDeniedException: Access is denied。未转到指定的拒绝访问页面,但是当该用户访问被保护的页面时,却能成功转向指定的拒绝访问页面。异常如下:   org.springframewor...
sping-boot升级到2.7.18后,spock单元测试运行报错
最新发布
09-07
Spring Boot 升级到 2.7.18 后,如果您的 Spock 单元测试开始报错,这可能是由于版本更新带来的兼容性问题,特别是当 Spring Boot 或其依赖库有较大变动时。Spock 是一个用于 JVM 的 BDD 测试框架,它可能需要与 ...
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值