1. 首页
  2. 问答
  3. Spring Security sec:授权抛出异常

Spring Security sec:授权抛出异常

2015-12-09 70 views
1

我想向我的jsp添加一个字段,只显示给管理员。为此,我使用tag sec:authorize access =“hasRole('Admin')”。但是当我添加它时,应用程序抛出异常:http://pastebin.com/TcN0k0K0
我使用spring 4.1.7.RELEASE,spring-security version 4.0.3.RELEASE。在pom.xml中我已经添加了弹簧安全标记库v.4.0.3
这里是我的JSP代码:Spring Security sec:授权抛出异常

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> 
<html> 
<body>  
<sec:authorize access="hasRole('Admin')"> 
    <p>Must have ROLE_Admin to see this</p> 
</sec:authorize>  
<form name='registerForm' method='POST' action="/admin/createuser"> 
     ...
在存储为ROLE_ADMIN数据库角色

,ROLE_USER
弹簧security.xml文件

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" 
      xmlns:security="http://www.springframework.org/schema/security" 
      xsi:schemaLocation="http://www.springframework.org/schema/security 

    http://www.springframework.org/schema/security/spring-security-4.0.xsd 
    http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.1.xsd"> 

<http use-expressions="true" > 
    <csrf disabled="true"/> 
    <intercept-url pattern="/admin" access="hasAnyRole('Admin', 'User')" /> 
    <intercept-url pattern="/" access="permitAll" /> 
    <intercept-url pattern="/login" access="permitAll" /> 
    <intercept-url pattern="/logout" access="permitAll" /> 

    <access-denied-handler error-page="/403" /> 

    <form-login login-page='/login' login-processing-url="/login" authentication-failure-url="/403" 
       default-target-url="/admin" 
       username-parameter="login" password-parameter="password" /> 
    <logout logout-url="/logout" logout-success-url="/logoutSuccessful" delete-cookies="JSESSIONID" invalidate-session="true" /> 
</http> 

<authentication-manager> 
    <authentication-provider> 
     <jdbc-user-service data-source-ref="myDataSource" 
          users-by-username-query= "select login, password, 'true' from employee where login=?" 
          authorities-by-username-query= "select login, role from employee where login =? " /> 
    </authentication-provider> 
</authentication-manager> 

<beans:import resource="data-source-cfg.xml"/> 
</beans:beans>

如何解决这个问题?

来源

2015-12-09 Emanon

回答

2

看看这post,你得到的问题是关于春天的版本。您有两种选择:

1 - 要继续使用spring security 4.0.3,必须升级Spring版本的4.2.x.

2 - 要继续使用目前的Spring版本必须降级到春季安全4.0.2

问候

来源

2015-12-09 14:10:24

+0

我只是尝试和看到你的帖子)。适用于spring-security 4.0.1.release – Emanon

相关问题

 相关问题