網頁

2018/3/20

Spring Security 當進入登入頁面時,出現org.springframework.security.access.AccessDeniedException: Access is denied錯誤

在使用Spring Security時,我們通常會允許任何使用者可進入登入頁面(例如login.jsp),所以通常對/login.jsp的存取權限設定如下。

<http>
  <intercept-url pattern="/login.jsp" access="permitAll" />
  ...
</http>

但儘管access已設為permitAll了,但每次系統啟動時在console的log DEBUG訊息都會看到如下錯誤。

13:48:15.157 [http-nio-8080-exec-2] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
 at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
 at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)

但根據官網的說明,這是正常現象所以不用擔心。


參考:

沒有留言:

張貼留言