使用SpringSecurity中遇到用户具有该权限, 但是访问Controller时却被自定义失败处理器类捕捉到权限不足
前端使用的是ajax请求,
$.ajax({
url:"http://localhost/logout",
type:"POST",
beforeSend: function(req) {
req.setRequestHeader("token", window.localStorage.getItem("token"));
},
success:function(res){
console.log(res);
}
});
这是Controller内容部分的代码 需要的权限是 account:select:myself
@RestController
@RequestMapping("/logout")
public class LogoutController {
@Autowired
LogoutService logOutService;
@PostMapping
@PreAuthorize("hasAuthority('account:select:myself')")
public Result logout(@RequestHeader String token){
return logOutService.logout(token);
}
}
这是通过token从redis中获取到的UsernamePasswordAuthenticationToken对象的部分(省略掉用户的信息)
permissions=[account:select:myself, account:update:myself, account:delete:myself, admin:select:all, admin:update:all, admin:delete:all],
collect=[account:select:myself, account:update:myself, account:delete:myself, admin:select:all, admin:update:all, admin:delete:all],
authorities=[account:select:myself, account:update:myself, account:delete:myself, admin:select:all, admin:update:all, admin:delete:all]),
Credentials=[PROTECTED], Authenticated=true, Details=null,
Granted Authorities=[account:select:myself, account:update:myself, account:delete:myself, admin:select:all, admin:update:all, admin:delete:all]
这是自定义处理方法
@Component
public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request,
HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException, ServletException {
Result result = new Result(HttpStatus.FORBIDDEN.value(),"","您没有权限进行操作!");
final String strResult = JSON.toJSONString(result);
WebUtil.renderString(response,strResult);
}
}
这是携带有效token访问接口的返回结果
{code: 403, data: "", message: "您没有权限进行操作!"}
其他的接口用这种方式都可以正常使用, 但是唯独这个接口不能够进行访问, 后台也可以正常接收到token并从redis中获取到存储的数据并打印出来
尝试过更换成其他权限, 但是仍然是一样的结果
求各路能人指教