Spring Security 4.1 upgrade - Error 403 Access Denied


I am getting a 403 access denied error code on upgrading to Spring Security 4.1.2, Spring 4.3.2.

spring-security.xml file

    ...
    <spring:bean id="rolevoter" class="org.springframework.security.access.vote.RoleVoter"></spring:bean>
    <spring:bean id="authenticatedvoter" class="org.springframework.security.access.vote.AuthenticatedVoter"/>
    <spring:bean id="webexpressionvoter" class="org.springframework.security.web.access.expression.WebExpressionVoter"/>

    <spring:bean id="accessdecisionmanager" class="org.springframework.security.access.vote.AffirmativeBased">
        <spring:constructor-arg>
            <spring:list>
                <spring:ref bean="rolevoter"/>
                <spring:ref bean="authenticatedvoter"/>
                <spring:ref bean="webexpressionvoter"/>
            </spring:list>
        </spring:constructor-arg>
    </spring:bean>

    <security:http access-decision-manager-ref="accessdecisionmanager" auto-config='true' use-expressions="true">
        <security:intercept-url pattern="/login.jsp" access="hasRole('role_anonymous')"/>
        <security:intercept-url pattern="/j_spring_security_check" access="hasRole('role_anonymous')"/>
        <security:intercept-url pattern="/index*" access="hasRole('role_user')"/>

        <security:form-login login-page="/login.jsp"
            username-parameter="j_username"
            password-parameter="j_password"
            login-processing-url="/j_spring_security_check"
            authentication-failure-url="/accessdenied.jsp"/>

        <security:logout invalidate-session="true" delete-cookies="jsessionid"/>
        <security:csrf disabled="true"/>
    </security:http>
    ...

I am using a Spring Security AuthenticationProvider class for authentication. The authenticate(Authentication authentication) method in the class is executed and returns new UsernamePasswordAuthenticationToken(user, pwd, authorities).

error stacktrace:

    2016-09-02 14:59:21,461 debug [http-/127.0.0.1:8080-1] [org.springframework.security.access.vote.affirmativebased.decide(affirmativebased.java:66)] - voter: org.springframework.security.access.vote.rolevoter@52989292, returned: 0
    2016-09-02 14:59:21,461 debug [http-/127.0.0.1:8080-1] [org.springframework.security.access.vote.affirmativebased.decide(affirmativebased.java:66)] - voter: org.springframework.security.access.vote.authenticatedvoter@203cc7cd, returned: 0
    2016-09-02 14:59:21,461 debug [http-/127.0.0.1:8080-1] [org.springframework.security.access.vote.affirmativebased.decide(affirmativebased.java:66)] - voter: org.springframework.security.web.access.expression.webexpressionvoter@5e01cc46, returned: -1
    2016-09-02 14:59:21,462 debug [http-/127.0.0.1:8080-1] [org.springframework.context.support.abstractapplicationcontext.publishevent(abstractapplicationcontext.java:362)] - publishing event in root webapplicationcontext: org.springframework.security.access.event.authorizationfailureevent[source=filterinvocation: url: /index.html]
    2016-09-02 14:59:21,462 debug [http-/127.0.0.1:8080-1] [org.springframework.security.web.access.exceptiontranslationfilter.handlespringsecurityexception(exceptiontranslationfilter.java:186)] - access denied (user not anonymous); delegating accessdeniedhandler
    org.springframework.security.access.accessdeniedexception: access denied
        @ org.springframework.security.access.vote.affirmativebased.decide(affirmativebased.java:84)
        @ org.springframework.security.access.intercept.abstractsecurityinterceptor.beforeinvocation(abstractsecurityinterceptor.java:233)
        @ org.springframework.security.web.access.intercept.filtersecurityinterceptor.invoke(filtersecurityinterceptor.java:124)
        @ org.springframework.security.web.access.intercept.filtersecurityinterceptor.dofilter(filtersecurityinterceptor.java:91)
        @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:331)
        @ org.springframework.security.web.access.exceptiontranslationfilter.dofilter(exceptiontranslationfilter.java:115)
        @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:331)
        @ org.springframework.security.web.session.sessionmanagementfilter.dofilter(sessionmanagementfilter.java:137)
        @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:331)
        @ org.springframework.security.web.authentication.anonymousauthenticationfilter.dofilter(anonymousauthenticationfilter.java:111)
        @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:331)
        @ org.springframework.security.web.servletapi.securitycontextholderawarerequestfilter.dofilter(securitycontextholderawarerequestfilter.java:169)
        @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:331)

From the error stacktrace, WebExpressionVoter is returning -1.

It was resolved after replacing hasRole with hasAuthority in the Spring Security file.
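
An added example, not part of the original post: a small Java check, assuming spring-security-core 4.x is on the classpath, that evaluates `hasRole` and `hasAuthority` against the same granted authorities. In Spring Security 4, `hasRole` prepends `ROLE_` when its argument does not already start with that prefix, while `hasAuthority` compares the string exactly as written. The class name `RolePrefixCheck` and the authority names are constructed for illustration.

```java
import java.util.List;

import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical diagnostic class (not from the post): compares the two
// expressions for a given set of granted authorities.
public class RolePrefixCheck {

    // Build the same kind of token the post's AuthenticationProvider returns
    // and wrap it in an expression root, as WebExpressionVoter does per request.
    static SecurityExpressionRoot rootFor(String... granted) {
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(granted);
        Authentication auth =
                new UsernamePasswordAuthenticationToken("user", "pwd", authorities);
        return new SecurityExpressionRoot(auth) { };
    }

    // Report how each expression evaluates for one argument.
    static void report(String[] granted, String argument) {
        SecurityExpressionRoot root = rootFor(granted);
        System.out.printf("granted=%s  hasRole('%s')=%b  hasAuthority('%s')=%b%n",
                String.join(",", granted),
                argument, root.hasRole(argument),
                argument, root.hasAuthority(argument));
    }

    public static void main(String[] args) {
        // Constructed samples: an authority without the ROLE_ prefix,
        // one in a different case, and one with the conventional prefix.
        report(new String[] {"USER"}, "USER");
        report(new String[] {"role_user"}, "role_user");
        report(new String[] {"ROLE_USER"}, "ROLE_USER");
        report(new String[] {"ROLE_USER"}, "USER");
    }
}
```

Running it against the authority names your `AuthenticationProvider` actually issues shows which expression matches them, so the rule can be corrected without widening access.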

