  1. @Secured throws AccessDeniedException although roles are correct
<p>After solving all <a href="https://stackoverflow.com/questions/1432098/spring-i-want-a-login-form-but-get-authenticationcredentialsnotfoundexception">authentication-related problems</a> in my first Spring web application, I'm now stuck with authorization.</p>
<p>Configuration using <code>@Secured</code> annotations is pretty straightforward, so I don't think I made a mistake here. Additionally, I'm using an Active Directory using the LDAP authentication provider and assign roles by AD groups, so that isn't a problem either.</p>
<p>So here's a brief summary of my problem:</p>
<ul>
<li>Unsecured actions <strong>work</strong></li>
<li>Actions using <code>@Secured("IS_AUTHENTICATED_FULLY")</code> <strong>work</strong></li>
<li>Actions using something like <code>@Secured("GROUP_*")</code> <strong>don't work</strong></li>
</ul>
<p>When calling a secured action, an <code>org.springframework.security.AccessDeniedException</code> is thrown. Here's an excerpt from the logs:</p>
<pre><code>DEBUG: org.springframework.security.intercept.AbstractSecurityInterceptor - Secure object: ReflectiveMethodInvocation: public org.springframework.web.servlet.ModelAndView de.dillinger.resources.controllers.HostsController.index(); target is of class [de.dillinger.resources.controllers.HostsController]; ConfigAttributes: [GROUP_IT]
DEBUG: org.springframework.security.intercept.AbstractSecurityInterceptor - Previously Authenticated: org.springframework.security.providers.UsernamePasswordAuthenticationToken@2a5333d9: Principal: org.springframework.security.userdetails.ldap.Person@1422384: Username: di32001; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: GROUP_ITS, GROUP_ITS-IT, GROUP_INTERNET, GROUP_SYSTEMGRUPPE, GROUP_IT; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 773943FFB14E512872BB6CE25F46C00A; Granted Authorities: GROUP_ITS, GROUP_ITS-IT, GROUP_INTERNET, GROUP_SYSTEMGRUPPE, GROUP_IT
</code></pre>
<p>As you can see, the action requires the <code>GROUP_IT</code> role and my user object has this privilege. I really don't know what's causing this problem.</p>
 
