if (privilege.equals(user.getBeizhu())) {
// return new org.springframework.security.core.userdetails.User(username, user.getPwd(), AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_admin,admin"));
return new org.springframework.security.core.userdetails.User(username,
user.getPwd(),
AuthorityUtils.commaSeparatedStringToAuthorityList("admin,ROLE_abc"));
}
配置是这样的,
.and()
.authorizeHttpRequests()
.antMatchers("/img/*","/login.html","/login.html","/fail.html","/showFail").permitAll()
.antMatchers("/abc")
.hasAnyRole("abc")
.antMatchers("/efg")
.hasAnyRole("abc")
.antMatchers("/hij")
.hasRole("abc")
.anyRequest().authenticated()
这里设置具有abc角色的可以访问/abc,
但是运行后都是403,无权限,想不通,不应该呀,是那里漏了?