Auth0 Home Blog Docs

Access Denied exception

authorization
access-is-denied
spring-security

#1

I’m following the Spring Security tutorial, downloaded the preconfigured app, verified my client id, etc… and i get a access denied, but I see in the Dashboard log, a Successful Login for it. I see in the AppConfig, it expects a ROLE_ADMIN for the user. Do I need to somehow assign the role to my user that’s trying to login?

6-26 20:25:54.929 DEBUG 10431 --- [nio-3099-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/portal/home'; against '/portal/**'
2017-06-26 20:25:54.929 DEBUG 10431 --- [nio-3099-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /portal/home; Attributes: [hasAuthority('ROLE_ADMIN')]
2017-06-26 20:25:54.929 DEBUG 10431 --- [nio-3099-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: com.auth0.spring.security.mvc.Auth0JWTToken@6f7e09d9: Principal: com.auth0.spring.security.mvc.Auth0UserDetails@f70c0f; Credentials: [PROTECTED]; Authenticated: true; Details: {user_id=google-oauth2|100479163693422019999, name=Alper Akture, nickname=alper.akture, email=alper.akture@gmail.com, email_verified=true, picture=https://lh4.googleusercontent.com/-rZHGIWo3ckw/AAAAAAAAAAI/AAAAAAAAAg8/t0cDXebhDko/photo.jpg, iss=https://lazylightening.auth0.com/, sub=google-oauth2|100479163693422019999, aud=yh1aCKMf0-LTaYtNyz5M4pRUlwXCfhEJ, exp=1498569802, iat=1498533802}; Not granted any authorities
2017-06-26 20:25:54.929 DEBUG 10431 --- [nio-3099-exec-6] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6593f30e, returned: -1
2017-06-26 20:25:54.930 DEBUG 10431 --- [nio-3099-exec-6] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=Mon Jun 26 20:25:54 PDT 2017, principal=alper.akture@gmail.com, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]
2017-06-26 20:25:54.934 DEBUG 10431 --- [nio-3099-exec-6] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is not anonymous); delegating to AccessDeniedHandler

org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.4.RELEASE.jar:4.0.4.RELEASE]

#2