管理员角色的授权被拒绝访问整个系统 - 管理员和主页.所以我将ROLE_ADMIN添加到/ main/home intercept-url.
这是安全xml
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/**" requires-channel="https" />
<intercept-url pattern='/main/home/' access="hasRole('ROLE_USER' 'ROLE_ADMIN')" />
<intercept-url pattern='/admin/admin/**' access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern='/main/user/setter/settingpage' access="hasRole('ROLE_USER')" />
<intercept-url pattern='/main/user/setter/addpage' access="hasRole('ROLE_USER')" />
<intercept-url pattern='/login.jsp' access='IS_AUTHENTICATED_ANONYMOUSLY' />
<form-login login-page="/login.jsp" default-target-url="/main/home" authentication-failure-url="/auth/loginfail?error=true"/>
</http>
但这使得整个程序停止工作,因为当我运行代码时,错误是
无法解析表达式'hasRole('ROLE_USER''ROLE_ADMIN')'
当我删除ROLE_ADMIN系统工作,并可以验证用户,而不是ROLE_ADMIN谁现在被拒绝访问所有页面.我在db中设置了角色,直到最近才开始工作.
我正在尝试检索一个对象及其子项。请求出现异常。
模型 - 员工类是一个自引用类,其中带有 checker_id 的检查员也是员工。而且工作人员和检查员都与模块模型有一对多的关系。
public class Staff implements Serializable,
@Id
@Column(name = "staff_id")
private String staffId;
@ManyToOne(cascade={CascadeType.ALL})
@JoinColumn(name="checker_id")
private Staff checker;
@OneToMany(mappedBy="checker", orphanRemoval=true, cascade = CascadeType.ALL)
private Set<Staff> setters = new HashSet<Staff>();
@OneToMany(cascade=CascadeType.ALL, fetch=FetchType.LAZY, mappedBy="setter")
private Set<Module> sModule = new HashSet<Module>();
@OneToMany(cascade=CascadeType.ALL, fetch=FetchType.LAZY, mappedBy="checker")
private Set<Module> cModule = new HashSet<Module>();
//getters and setters}
模块型号
public class Module implements Serializable{
@ManyToOne(fetch=FetchType.LAZY)
@JoinColumn(name="staff_id", insertable=false, updatable=false)
private Staff setter;
@ManyToOne(fetch=FetchType.LAZY)
@JoinColumn(name="checker_id", insertable=false, updatable=false)
private Staff checker;
//getters and setters }
DAO代码 …
我有一个表单,用户可以使用该表单将文件上载到本地驱动器,并将一些数据保存到数据库.但是这个错误信息出现了,我想知道如何处理它.
HTTP Status 400 - The request sent by the client was syntactically incorrect.
控制器
@RequestMapping(value = "/main/user/setter/addpage", method =
RequestMethod.POST, params = "save")
public String saveProcess(@ModelAttribute("module") Module module,
@RequestParam("userId") Integer userId,
@RequestParam("name") String name,
@RequestParam("file") MultipartFile file,
BindingResult result, HttpSession session) {
if (result.hasErrors()) {
return "redirect:/main/user/setter/settingpage";
}
else
if(module != null){
try {
MultipartFile filea = module.getFileData();
InputStream inputStream = null;
OutputStream outputStream = null;
if (filea.getSize() > 0) {
inputStream = filea.getInputStream();
outputStream = new FileOutputStream("C:\\Test\\"
+ …