Spring Security: 403 error for authenticated user

When I use a jdbc-user-service I get a 403 error after logging in with good credentials. But when I try to log in with bad credentials, my login page is shown (which is what we want).
I tested the http block in my security context using the generic user-service and it worked fine.
Please help me understand what is wrong and how to fix it. Please also explain which clues led you to your conclusion.
I am including my code.
my customer table:
DROP TABLE IF EXISTS `customer`;
CREATE TABLE `customer` (
  `client_id` int(7) unsigned NOT NULL AUTO_INCREMENT,
  `client_name_first` varchar(40) NOT NULL,
  `client_name_last` varchar(40) NOT NULL,
  `client_name_middle_initial` char(1) DEFAULT NULL,
  `client_phone_home` varchar(14) DEFAULT NULL,
  `client_phone_cell` varchar(14) DEFAULT NULL,
  `client_addr_shipping_line_one` varchar(80) NOT NULL,
  `client_addr_shipping_line_two` varchar(80) DEFAULT NULL,
  `client_addr_shipping_city` varchar(30) NOT NULL,
  `client_addr_shipping_state` char(2) NOT NULL,
  `client_addr_shipping_zip` char(5) NOT NULL,
  `client_addr_shipping_country_code` char(2) NOT NULL DEFAULT 'US',
  `client_addr_billing_line_one` varchar(80) NOT NULL,
  `client_addr_billing_line_two` varchar(80) DEFAULT NULL,
  `client_addr_billing_city` varchar(30) NOT NULL,
  `client_addr_billing_state` char(2) NOT NULL,
  `client_addr_billing_zip` char(5) NOT NULL,
  `client_addr_billing_country_code` char(2) NOT NULL DEFAULT 'US',
  `client_status_code` smallint(1) unsigned NOT NULL DEFAULT '0',
  `client_date_created` date NOT NULL,
  `client_email_address` varchar(60) NOT NULL,
  `client_password` varchar(16) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  PRIMARY KEY (`client_id`,`client_email_address`),
  UNIQUE KEY `idx_clientEmail` (`client_email_address`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;
my authorities table:
DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
  `client_email_address` varchar(60) NOT NULL,
  `authority` varchar(50) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
my security context:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true">
        <intercept-url pattern="/members/*" access="ROLE_ADMIN" />
        <form-login login-page="/login.xhtml" authentication-failure-url="/loginfailed.xhtml" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="mysqlDataSource"
                users-by-username-query="
                    select client_email_address, client_password, enabled
                    from customer where client_email_address=?"
                authorities-by-username-query="
                    select au.authority, c.client_email_address
                    from customer c, authorities au
                    where au.client_email_address = c.client_email_address and c.client_email_address =?"
            />
        </authentication-provider>
    </authentication-manager>

    <!-- ================ OLD WAY ==================================================
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="rexryan" password="jets" authorities="ROLE_ADMIN" />
                <user name="djeter" password="17684514" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
    -->
</beans:beans>
my auth bean:
package security;

import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

@Named
@RequestScoped
public class AuthenticationBean {

    public String doLogin() throws IOException, ServletException {
        ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
        RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()).getRequestDispatcher("/j_spring_security_check");
        dispatcher.forward((ServletRequest) context.getRequest(), (ServletResponse) context.getResponse());
        FacesContext.getCurrentInstance().responseComplete();
        return null;
    }

    public String doLogout() {
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        return "/logout.xhtml";
    }
}
my abbreviated log file is:
INFO: [31/03/12 04:04:43:043 EDT] DEBUG context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed
INFO: [31/03/12 04:04:43:043 EDT] DEBUG intercept.FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /members/index.xhtml; Attributes: [ROLE_ADMIN]
INFO: [31/03/12 04:04:43:043 EDT] DEBUG intercept.FilterSecurityInterceptor: Previously Authenticated: org.springframew[email protected]ffff6aba: Principal: [email protected]: Username: [email protected]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: a5bf43173b732a74bdeac9279de2; Granted Authorities: [email protected]
INFO: [31/03/12 04:04:43:043 EDT] DEBUG vote.AffirmativeBased: Voter: [email protected], returned: -1
INFO: [31/03/12 04:04:43:043 EDT] DEBUG vote.AffirmativeBased: Voter: [email protected]0e8, returned: 0
INFO: [31/03/12 04:04:43:043 EDT] DEBUG access.ExceptionTranslationFilter: Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
INFO: [31/03/12 04:04:43:043 EDT] DEBUG context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed
403 means that the user is authenticated but not authorized to see a page (the page after the login page in your case). What should the user's default page/action be after logging in? I don't see it in your configuration. Check whether your user has the "Administrator" role. – jddsantaella
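One concrete thing to check: in the log, the "Granted Authorities" entry for the authenticated user is not ROLE_ADMIN, which points at the authorities-by-username-query. Spring's JdbcDaoImpl reads column 1 of that query as the username and column 2 as the authority (its default is "select username,authority from authorities where username = ?"), so the posted query, which lists au.authority first and the e-mail address second, grants the e-mail address as the user's authority and the RoleVoter for ROLE_ADMIN then votes to deny. The Python/SQLite model below is added here (it is not part of the question or of Spring) and reproduces that column mapping against constructed sample rows, running the posted query beside a corrected one; open_sample_db, granted_authorities and role_voter_grants are my own names.

```python
import sqlite3

# Constructed sample data (not from the question): only the columns that the
# two Spring queries in the question's security context actually read.
SAMPLE_SCHEMA = """
CREATE TABLE customer (
    client_email_address TEXT PRIMARY KEY,
    client_password      TEXT NOT NULL,
    enabled              INTEGER NOT NULL
);
CREATE TABLE authorities (
    client_email_address TEXT NOT NULL,
    authority            TEXT NOT NULL
);
INSERT INTO customer    VALUES ('admin@example.com', 'secret', 1);
INSERT INTO authorities VALUES ('admin@example.com', 'ROLE_ADMIN');
"""

# The authorities-by-username-query as posted: authority is column 1,
# the e-mail address is column 2.
QUERY_AS_POSTED = (
    "select au.authority, c.client_email_address from customer c, authorities au "
    "where au.client_email_address = c.client_email_address and c.client_email_address = ?"
)

# Same query with the columns in the order JdbcDaoImpl expects:
# username first, authority second.
QUERY_FIXED = (
    "select c.client_email_address, au.authority from customer c, authorities au "
    "where au.client_email_address = c.client_email_address and c.client_email_address = ?"
)


def open_sample_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    return conn


def granted_authorities(conn, query, username):
    """Mimic JdbcDaoImpl.loadUserAuthorities(): column 1 is ignored, column 2
    of every row becomes the authority name (no role prefix assumed)."""
    return [row[1] for row in conn.execute(query, (username,))]


def role_voter_grants(authorities, required="ROLE_ADMIN"):
    """Mimic RoleVoter for intercept-url access="ROLE_ADMIN": exact match only."""
    return required in authorities
```

With the posted query the only granted authority is the e-mail address, so the vote for /members/* fails exactly as in the log; swapping the two select columns yields ROLE_ADMIN and the request is allowed.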