LESSON: HTTP 403 Error Caused By Spring Security Role Missing

1. Problem Description

Tomcat local access log:

59.152.238.163 - - [09/Aug/2015:22:50:06 +0000] "GET /bus/api/v2/odds/fb/1035916 HTTP/1.1" 403 993 0.006 Java/1.7.0_10

Java Exception:

java.io.IOException: Server returned HTTP response code: 403 for URL: https://api.xxbroker.com:443/bus/api/v2/odds/fb/1035916
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1625)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
... ...
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
	at java.lang.Thread.run(Thread.java:722)

2. Analysis

Inspired by reference [1], 'If you are getting a 403 code, means that the user does not have the required roles. So, athentication is not the problem, is authorization.'

I checked my configuration in database, there was no correct role data for the user in test, after inserted proper user-role information, this 403 error went away. Cheers!


Reference:

[1] http://stackoverflow.com/questions/1279083/403-access-is-denied-after-authenticating



你可能感兴趣的:(LESSON: HTTP 403 Error Caused By Spring Security Role Missing)