Witam
Próbuję napisać system logowania i problem pojawił się, gdy chciałem ograniczyć dostęp do konkretnych widoków dla użytkowników z danym uprawnieniem. Cały czas przy próbie logowania dostaję błąd: type=Forbidden, status=403.
MVC
/**
 * Maps the login and panel URLs straight onto their view names, without controller logic.
 *
 * <p>This only decides which template a URL renders; who may open "/panel-admin" or
 * "/panel-student" is decided by the security configuration, not here.
 */
@Configuration
public class MvcConfiguration extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // {path, view} pairs; "/" and "/login" both render the login view.
        String[][] views = {
            {"/", "login"},
            {"/login", "login"},
            {"/panel-admin", "panel-admin"},
            {"/panel-student", "panel-student"},
        };
        for (String[] mapping : views) {
            registry.addViewController(mapping[0]).setViewName(mapping[1]);
        }
    }
}
Spring security
private UserDetailsService userDetailsService;
private CustomSuccessHandler customSuccessHandler;
/**
 * URL authorization, form login, logout and CSRF settings for the application.
 *
 * <p>The authority strings must agree in three places: the permission name stored on the
 * account (forwarded verbatim by CustomUserDetails.getAuthorities), the hasRole(...) rules
 * below, and the literals CustomSuccessHandler compares against ("ADMIN" / "STUDENT").
 *
 * @param httpSecurity the builder supplied by Spring Security
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests()
// Public: landing/login page and static assets.
.antMatchers("/" , "/login" , "/static/**").permitAll()
// hasRole('ROLE_ADMIN') requires the granted authority to be exactly "ROLE_ADMIN" (Spring
// Security 4.x does not add a second "ROLE_" prefix — confirm for the version in use).
// CustomSuccessHandler, however, looks for the bare "ADMIN": if the stored permission name is
// "ADMIN", the handler redirects to /panel-admin and this rule answers 403 — the most likely
// source of the reported Forbidden. Use one spelling in both places, e.g. hasAuthority('ADMIN')
// here or "ROLE_ADMIN" in the handler.
.antMatchers("/panel-admin", "/panel-admin/**").access("hasRole('ROLE_ADMIN')")
// Same coupling for students ("STUDENT" in the handler vs "ROLE_STUDENT" here).
.antMatchers("/panel-student", "/panel-student/**").access("hasRole('ROLE_STUDENT')")
.anyRequest().authenticated()
.and()
// The login form posts "userName"/"password"; on success CustomSuccessHandler picks the panel.
.formLogin().loginPage("/login").successHandler(customSuccessHandler)
.usernameParameter("userName").passwordParameter("password")
.and()
// AntPathRequestMatcher("/logout") without an HTTP method accepts GET as well as POST. The
// HTTP session is deliberately kept (invalidateHttpSession(false)), so attributes stored during
// the authenticated session survive logout.
.logout().logoutSuccessUrl("/login?logout").invalidateHttpSession(false).logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
.and()
// CSRF protection is off for the whole application, including the login and logout POSTs.
// With no token check left to fail, it is not the cause of the 403; re-enable it once the
// role-name mismatch is resolved.
.csrf().disable();
}
CustomUserDetailsService
private final AccountRepository userRepository;
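/**
 * Loads the account with the given login and adapts it to Spring Security's {@link UserDetails}.
 *
 * @param username the login typed into the form (the "userName" request parameter)
 * @return the account wrapped as {@link CustomUserDetails}
 * @throws UsernameNotFoundException if no account has that login
 */
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Account user = userRepository.findByLogin(username);
// Check for a missing account before touching it: printing user.toString() first threw a
// NullPointerException for unknown logins instead of the UsernameNotFoundException below.
if (user == null) {
throw new UsernameNotFoundException("No user present with username: " + username);
}
// Log only the login, not the whole entity — Account.toString() may include the stored
// password (hash), which does not belong in application output.
System.out.println("User: " + username);
return new CustomUserDetails(user);
}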
CustomUserDetails
/**
 * Adapts a persisted {@link Account} to Spring Security's {@link UserDetails}.
 *
 * <p>The account's permission name becomes the granted authorities as-is, so a "ROLE_"
 * prefix is present only if the stored permission name contains it. The hasRole(...) rules in
 * the security configuration and the literals in CustomSuccessHandler must use that same
 * spelling.
 */
public class CustomUserDetails extends Account implements UserDetails {

    private static final long serialVersionUID = 1L;

    /** Copies the persisted account state into this details object. */
    public CustomUserDetails(Account user) {
        super(user);
    }

    /**
     * Splits the permission name on commas and wraps each part as a {@link GrantedAuthority}.
     * NOTE(review): assumes getPermission() is never null for a loaded account — confirm
     * against the data model.
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        String permissionNames = getPermission().getName();
        return AuthorityUtils.commaSeparatedStringToAuthorityList(permissionNames);
    }

    // The four status flags below are hard-coded to true, so any expiry, lock or disabled
    // state kept on the account is not enforced at login time.

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    /** The account login doubles as the Spring Security username. */
    @Override
    public String getUsername() {
        return getLogin();
    }
}
CustomSuccessHandler
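/**
 * Sends a freshly authenticated user to the panel matching their role:
 * admins to /panel-admin, students to /panel-student.
 */
@Component
public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    /** Prefix that Spring Security's hasRole() expressions expect on role authorities. */
    private static final String ROLE_PREFIX = "ROLE_";

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Redirects to the role-specific panel unless the response has already been committed.
     *
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void handle(HttpServletRequest request, HttpServletResponse response,
                          Authentication authentication) throws IOException {
        String targetUrl = determineTargetUrl(authentication);
        System.out.println("ADRES: " + targetUrl);
        if (response.isCommitted()) {
            // Headers are already on the wire; a redirect can no longer be sent.
            System.out.println("Can't redirect");
            return;
        }
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /**
     * Chooses the landing page from the granted authorities.
     *
     * <p>Role names are accepted with or without the {@code ROLE_} prefix. CustomUserDetails
     * forwards the stored permission name verbatim while the security rules use
     * hasRole('ROLE_ADMIN'); matching only the bare "ADMIN" (as before) sent an admin whose
     * authority is "ROLE_ADMIN" to an empty URL. The chosen URL must also be permitted by the
     * security rules for that authority, otherwise the user gets a 403 right after login.
     *
     * @param authentication the successful authentication
     * @return "/panel-admin", "/panel-student", or "" when neither role is present
     *         (unchanged from the original; consider an explicit default page)
     */
    protected String determineTargetUrl(Authentication authentication) {
        List<String> roles = new ArrayList<>();
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            roles.add(authority.getAuthority());
        }
        // Admin takes precedence when both roles are present.
        if (isAdmin(roles)) {
            return "/panel-admin";
        }
        if (isStudent(roles)) {
            return "/panel-student";
        }
        return "";
    }

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    private boolean isStudent(List<String> roles) {
        return hasRoleNamed(roles, "STUDENT");
    }

    private boolean isAdmin(List<String> roles) {
        return hasRoleNamed(roles, "ADMIN");
    }

    /** True if {@code roles} holds {@code name} either bare or with the {@code ROLE_} prefix. */
    private static boolean hasRoleNamed(List<String> roles, String name) {
        return roles.contains(name) || roles.contains(ROLE_PREFIX + name);
    }
}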
Z góry dzięki za pomoc.