• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

Problem with <security:intercept-url pattern=...>

 
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear Sirs et Madames,
AM trying to set up Spring Security for my application. To start with, I only want 2 types of user, and Admin who will have acces to everything, and a Data Clerk, who has limited access (access to pages specifically given through the security intercept url patterns). The following code excerpt shows how I have done this:



However for some reason when I log in as ROLE_USER I [i]always[i] get the http error:403 Access is Denied. Am i doing something wrong?

Thanks in advance, and let me know if this is not enough information.

 
ranger
Posts: 17346
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
And ROLE_USER is how it is stored in your back end datasource for security, meaning your UserDetailService sets the GrantedAuthories as ROLE_USER. With ROLE_ as part of the role string, and all Caps?

Mark
 
Phoenix Kilimba
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Mark Spritzler wrote:And ROLE_USER is how it is stored in your back end datasource for security, meaning your UserDetailService sets the GrantedAuthories as ROLE_USER. With ROLE_ as part of the role string, and all Caps?

Mark



Hello Mark,
It is inherited code so am not completely sure what you may be asking, but am posting details of my UserDetailService class, in the hope it helps. Let me know if it doesn't and you need more info



Thanks again
 
A day job? In an office? My worst nightmare! Comfort me tiny ad!
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic