I have configured Spring Security in my app. Authentication is working well, but authorization is not working, meaning the @Secured() annotation is not working. I am getting an error when I access the URL: "There was an unexpected error (type=Forbidden, status=403). Access is denied".

My Spring config is:

    @Autowired
    private MongoDBAuthenticationProvider authenticationProvider;

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/js/**", "/css/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().defaultSuccessUrl("/resource")
            .and().logout().and().authorizeRequests()
            .antMatchers("/logout").permitAll()
            .antMatchers("/admin/**").hasRole("ADMIN")
            .anyRequest()
            .authenticated()
            .and().csrf().disable();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

My controller is:

    @RestController
    @RequestMapping("/user")
    public class UserController {

        @Autowired
        UserService userService;

        @Secured(value={"ROLE_ADMIN"})
        @RequestMapping(value = "/{id}", method = RequestMethod.GET)
        public void getUser() {
            System.out.println("working");
        }
    }

Database user is:

{ "_id" : ObjectId("555982a5360403572551660c"), "username" : "user", "password" : "pass", "role" : "ADMIN" }
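
An added example, not part of the original post: a stand-alone check of how Spring Security's `RoleVoter`, the voter that evaluates `@Secured` attributes when `@EnableGlobalMethodSecurity(securedEnabled = true)` is used, compares `ROLE_ADMIN` with a user's granted authorities by exact string equality. It assumes spring-security-core on the classpath; the class `RoleCheck` and the helper `toAuthorities` are hypothetical, and the post does not show whether `MongoDBAuthenticationProvider` passes the stored `role` value through unchanged or adds the `ROLE_` prefix.

```java
import java.util.Collection;
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

public class RoleCheck { // hypothetical class, not from the post

    // Hypothetical mapping from the "role" field of the user document to
    // granted authorities, with or without the ROLE_ prefix.
    static List<GrantedAuthority> toAuthorities(String storedRole, boolean addPrefix) {
        boolean needsPrefix = addPrefix && !storedRole.startsWith("ROLE_");
        return AuthorityUtils.createAuthorityList(needsPrefix ? "ROLE_" + storedRole : storedRole);
    }

    // Ask RoleVoter the question that @Secured({"ROLE_ADMIN"}) asks for a
    // user holding the given authorities.
    static int vote(Collection<? extends GrantedAuthority> authorities, String required) {
        Authentication auth =
                new UsernamePasswordAuthenticationToken("user", "n/a", authorities);
        List<ConfigAttribute> attributes = SecurityConfig.createList(required);
        return new RoleVoter().vote(auth, new Object(), attributes);
    }

    static String label(int vote) {
        if (vote == AccessDecisionVoter.ACCESS_GRANTED) {
            return "ACCESS_GRANTED";
        }
        return vote == AccessDecisionVoter.ACCESS_DENIED ? "ACCESS_DENIED" : "ACCESS_ABSTAIN";
    }

    public static void main(String[] args) {
        String storedRole = "ADMIN"; // value of "role" in the post's user document
        System.out.println("authority as stored:   "
                + label(vote(toAuthorities(storedRole, false), "ROLE_ADMIN")));
        System.out.println("authority with prefix: "
                + label(vote(toAuthorities(storedRole, true), "ROLE_ADMIN")));
    }
}
```

Logging `authentication.getAuthorities()` for the logged-in user shows which of the two forms the application's own provider produces.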