我已经为从 DB 动态生成拦截器配置了 spring 安全性。我这里有指南。当我尝试从登录页面访问主页时,出现以下错误:
An Authentication object was not found in the SecurityContext
此错误发生在以下几行的 AbstractSecurityInterceptor 类中(我进行了调试):
if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attributes);
}
这是日志:
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:339)
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:198)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
这是我的 Spring Security 文件配置的链接
我不明白,因为发生此错误,在我的应用程序中登录的用户具有 SYS_ADMIN 角色。此角色有权访问主页...
我已经调试并检查了类 InterceptorApplicationService(此类实现接口 FilterInvocationSecurityMetadataSource)分别返回 SYS_ADMN 角色和方法 getAttributes 和 getAllConfigAttributes 中的角色列表