Dear Sirs et Madames,
AM trying to set up Spring Security for my application. To start with, I only want 2 types of user, and Admin who will have acces to everything, and a Data Clerk, who has limited access (access to pages specifically given through the security intercept url patterns). The following code excerpt shows how I have done this:
However for some reason when I log in as ROLE_USER I [i]always[i] get the http error:403 Access is Denied. Am i doing something wrong?
Thanks in advance, and let me know if this is not enough information.
Mark Spritzler wrote:And ROLE_USER is how it is stored in your back end datasource for security, meaning your UserDetailService sets the GrantedAuthories as ROLE_USER. With ROLE_ as part of the role string, and all Caps?
It is inherited code so am not completely sure what you may be asking, but am posting details of my UserDetailService class, in the hope it helps. Let me know if it doesn't and you need more info
subject: Problem with <security:intercept-url pattern=...>