lab06 Custom 403(Access Denied Page)

uniquejava · uniquejava · commit 66bada02a190 · 2019-08-08T11:22:15.000+08:00
diff --git a/lab06_springboot2_sec_jpa_thymeleaf/README.md b/lab06_springboot2_sec_jpa_thymeleaf/README.md
@@ -17,7 +17,7 @@
 
 ## TODO
 
-1. [ ] Custom 403(Access Denied Page)
+1. [x] Custom 403(Access Denied Page)
 2. [x] Remember me
 3. [ ] JWT
 4. [ ] Spinner
diff --git a/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/java/me/cyper/fsd/lab06/config/SpringSecurityConfig.java b/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/java/me/cyper/fsd/lab06/config/SpringSecurityConfig.java
@@ -80,8 +80,8 @@ protected void configure(HttpSecurity http) throws Exception {
                 .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                 
                 .antMatchers("/","/register", "/captcha_image**", "/h2/**").permitAll()
-                .antMatchers("/admin/**").hasAnyRole("ADMIN")
-                .antMatchers("/user/**").hasAnyRole("USER")
+                .antMatchers("/admin/**").hasRole("ADMIN")
+                .antMatchers("/user/**").hasRole("USER")
 
                 // every request requires the user to be authenticated
                 .anyRequest().authenticated()
diff --git a/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/resources/templates/error/403.html b/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/resources/templates/error/403.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+<meta charset="UTF-8">
+<title>FSD Course Center</title>
+<script th:src="@{/webjars/jquery/3.4.1/dist/jquery.min.js}"></script>
+<script th:src="@{/webjars/bootstrap/4.3.1/js/bootstrap.min.js}"></script>
+<link rel="stylesheet" th:href="@{/webjars/bootstrap/4.3.1/css/bootstrap.min.css}" />
+<link rel="stylesheet" th:href="@{/css/layout.css}" />
+</head>
+<body>
+  <div th:replace="fragments/header :: header"></div>
+
+  <div class="container-fluid">
+    <div class="row flex-xl-nowrap">
+      <div class="col-12 col-md-3 col-xl-2 bd-sidebar">
+        <div th:replace="fragments/sidemenu :: search"></div>
+        <div th:replace="fragments/sidemenu :: nav"></div>
+      </div>
+
+      <main class="col-12 col-md-9 col-xl-10 py-md-3 pl-md-5 bd-content"
+        role="main">
+        <h3 class="text-secondary">Sorry! Access denied :(</h1>
+        You don't have permission to view this page.
+      </main>
+
+
+    </div>
+
+  </div>
+</body>
+</html>
diff --git a/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/resources/templates/home.html b/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/resources/templates/home.html
@@ -5,7 +5,7 @@
 <title>FSD Course Center</title>
 <script th:src="@{/webjars/jquery/3.4.1/dist/jquery.min.js}"></script>
 <script th:src="@{/webjars/bootstrap/4.3.1/js/bootstrap.min.js}"></script>
-<link rel="stylesheet" th:href="@{webjars/bootstrap/4.3.1/css/bootstrap.min.css}" />
+<link rel="stylesheet" th:href="@{/webjars/bootstrap/4.3.1/css/bootstrap.min.css}" />
 <link rel="stylesheet" th:href="@{/css/layout.css}" />
 </head>
 <body>
diff --git a/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/resources/templates/login.html b/lab06_springboot2_sec_jpa_thymeleaf/course-app/src/main/resources/templates/login.html
@@ -4,8 +4,8 @@
 <meta charset="UTF-8">
 <title>FSD Course Center - Login</title>
 <script th:src="@{/webjars/jquery/3.4.1/dist/jquery.min.js}"></script>
-<link type="text/css" rel="stylesheet" th:href="@{webjars/font-awesome/5.9.0/css/all.css}" />
-<link type="text/css" rel="stylesheet" th:href="@{webjars/bootstrap/4.3.1/css/bootstrap.min.css}" />
+<link type="text/css" rel="stylesheet" th:href="@{/webjars/font-awesome/5.9.0/css/all.css}" />
+<link type="text/css" rel="stylesheet" th:href="@{/webjars/bootstrap/4.3.1/css/bootstrap.min.css}" />
 <link type="text/css" rel="stylesheet" th:href="@{/css/signin.css}" />
 <script th:inline="javascript">
   function changeCaptcha(){
