问题
This is my rest-dispather-servlet-security.xml file
I have used the XML based configuration in my spring security but I am getting an error in my access attribute access="hasAnyRole('customer')". Here is my xml file.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:authentication-manager>
<security:authentication-provider>
<security:user-service id="userService ">
<security:user name="xxx" password="xxx" authorities="customer" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<security:http create-session="stateless"
use-expressions="true">
<security:intercept-url pattern="/**" access="hasAnyRole('customer')"/>
<security:http-basic />
</security:http>
</beans>
also while accessing it through postman I am able to authenticate the URL but getting the following error
HTTP Status 403 – Forbidden
Type Status Report
Message Access is denied
Description The server understood the request but refuses to authorise it.
Apache Tomcat/8.5.12
回答1:
change this
<security:user name="xxx" password="xxx" authorities="customer" />
to
<security:user name="xxx" password="xxx" authorities="ROLE_customer" />
and you are done
来源:https://stackoverflow.com/questions/45184038/getting-error-in-securityintercept-url-pattern-access-hasanyrolecusto