zoukankan      html  css  js  c++  java
  • Spring-web-security Issue (Access is denied. User must have one of the these roles: ACTUATOR)

    前提条件(Prerequisite)

    1.你的项目里引进了Spring web security 

    <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>

    <version>1.5.19.RELEASE</version
    </dependency>

    2. application.properties

    management.context-path=/mgmt

    3. 给Actuator相关的URL 加了另外的权限

    http.authorizeRequests()
    .antMatchers("/mgmt/**").hasAnyRole(ADMIN, SUPPORT, ACTUATOR)
    .antMatchers("/**").hasRole(USER)
    .and().formLogin().and().httpBasic();

    出现的问题(Issue )-- 当登陆你的username and password 时 而且你这个user 是 ADMIN 或SUPPORT时, 出现下面错误页面。

    Access is denied. User must have one of the these roles: ACTUATOR

    解决方法(Solution)

    disable manangement security in application.properties 或系统参数

    management.security.enabled=false

    原因(Cause)

    Spring 会用一个MvcEndpointSecurityInterceptor 阻止所有非actuator角色的用户, 及时你已经重新自定义自己的权限管理。

    private void sendFailureResponse(HttpServletRequest request,
    HttpServletResponse response) throws Exception {
    if (request.getUserPrincipal() != null) {
    String roles = StringUtils.collectionToDelimitedString(this.roles, " ");
    response.sendError(HttpStatus.FORBIDDEN.value(),
    "Access is denied. User must have one of the these roles: " + roles);
    }

  • 相关阅读:
    c++爱问的面试问题
    Ognl底层使用
    [勘探开发]成绩,全栈开发,健全&amp;借贷
    FMS4
    Flex远程调用机制RemoteObject应用技巧
    Flex开发框架cairngorm入门实例
    RC1意思
    获取JAVA[WEB]项目相关路径的几种方法
    排序算法
    jQuery Validate
  • 原文地址:https://www.cnblogs.com/hcoding/p/11429910.html
Copyright © 2011-2022 走看看