Error with Spring Security

I get an error every time I open the main security page; it gives the following error:

[code]org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206) ~[spring-security-core-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) ~[spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) ~[spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) ~[spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.1.2.RELEASE.jar:3.1.2.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) [spring-web-3.0.7.RELEASE.jar:3.0.7.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) [spring-web-3.0.7.RELEASE.jar:3.0.7.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.29]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) [catalina.jar:7.0.29]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) [catalina.jar:7.0.29]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) [catalina.jar:7.0.29]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) [catalina.jar:7.0.29]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) [catalina.jar:7.0.29]
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) [catalina.jar:7.0.29]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.29]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) [catalina.jar:7.0.29]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001) [tomcat-coyote.jar:7.0.29]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585) [tomcat-coyote.jar:7.0.29]
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) [tomcat-coyote.jar:7.0.29]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.7.0_07]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.7.0_07]
    at java.lang.Thread.run(Unknown Source) [na:1.7.0_07]
[/code]

What does your Spring Security configuration look like? Maybe this page is blocked. =)

Here are the Spring Security configuration files:

applicationContext.xml

[code]<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
  <bean id="financeiroDataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName">
      <value>java:comp/env/jdbc/FinanceiroDB</value>
    </property>
  </bean>
</beans>
[/code]

applicationContext-security.xml

[code]<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

[/code]

web.xml

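[code]<?xml version="1.0" encoding="UTF-8"?>
<web-app>
  <display-name>FinanceiroWeb</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
  </servlet-mapping>
  <resource-ref>
    <description>DataSource FinanceiroDB</description>
    <res-ref-name>jdbc/FinanceiroDB</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      /WEB-INF/applicationContext.xml
      /WEB-INF/applicationContext-security.xml
    </param-value>
  </context-param>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
</web-app>
[/code]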

And which page are you trying to open? If it is a protected page, it is normal for this exception to be thrown on the first access.

The page I am trying to access: first the publico/login.jsf page; then, after I log in, I want to enter the restrito/principal.jsf page with the ROLE_USUARIO permission that is registered in the database, but when I try to access the page I get error 500.

The way you implemented Spring Security, are you using a datasource created on the server?
From the configuration it looks like it. Did you manage to deploy the application this way?

The reason I ask: I am also implementing Spring Security
so that it uses my dataSource created on the GlassFish server.

@rcarauta

What does your class (Role or Authority, I don't know which you used) look like,
and its relationship in the User class…

Hey!! A classic Spring Security error. Well, as already mentioned, you are trying to access a page you do not have permission for.
You can solve this in two ways: go to your database and change your permission to ROLE_ADMINISTRADOR, or go to your principal.xhtml page and add the tag
<sec:ifAnyGranted roles="ROLE_USUARIO"> to grant your access as a user. Post your Principal.xhtml here.

The page I am trying to access is the one below:

[code]

<ui:composition template="/template/composicao.xhtm">
<ui:define name="header">
Principal
</ui:define>
<ui:define name="content">

    <h1>Gerenciador Financeiro Pessoal</h1>
    
    Usuario Logado #{request.remoteUser}
    <br/>
    <h:form>
    	<sec:ifAnyGranted role="ROLE_ADMINISTRADOR">
    		<h:commandLink action="/admin/principal" title="Administrativo">
    			<h:graphicImage library="imagens" name="admin.png"></h:graphicImage>
    		</h:commandLink>
    	</sec:ifAnyGranted>
    	<a onclick="document.location='#{request.contextPath}/j_spring_security_logout'" title="Sair">
    		<h:graphicImage library="imagens" name="logout.png"></h:graphicImage>
    	</a>
    </h:form>
    
</ui:define>
<ui:define name="footer">
   
</ui:define>

</ui:composition>

[/code]

The user I am trying to log in with has the privilege to access this page. Here is the login page as well:

[code]

<ui:composition template="/template/composicao.xhtml">
<ui:define name="header">

</ui:define>
<ui:define name="content">
   <h:form>
   		<h:commandButton action="#{usuarioBean.novo}" value="Registre-se"></h:commandButton>
   </h:form>
   
   <h:panelGrid rendered="#{!empty param.login_error}">
   	<span style="color:red">Erro ao efetuar o login!</span><br/>
   	<br/>
   	Motivo: #{SPRING_SECURITY_LAST_EXCEPTION.message}	
   </h:panelGrid>
   
   <form id="login" method="post" action="#{request.contextPath}/j_spring_security_check">
   	<table>
   		<tr><td>Login</td>
   		    <td><input type="text" name="j_username"/></td>
   		</tr>
   		<tr><td>Senha</td>
   			<td><input type="password" name="j_password"/></td>
   		</tr>
   		<tr>
   			<td align="right">
   			 <input type="checkbox" name="_spring_security_remember_me" />
   			</td>
   			<td>Entrar autenticante</td>
   		</tr>
   		<tr>
   		<td></td>
   		<td><input type="submit" value="Entrar"/></td>
   		</tr>
   	</table>
   	<script>
   		document.getElementById("login").j_username.value = "#{SPRING_SECURITY_LAST_USERNAME}";
   	</script>
   </form>
   
</ui:define>
<ui:define name="footer">
    
</ui:define>

</ui:composition>

[/code]

Make the following change and try to log in again!!!

[code]

<ui:composition template="/template/composicao.xhtm"> <!-- an "l" is missing here: it should be "composicao.xhtml" -->
<ui:define name="header">
Principal
</ui:define>
<ui:define name="content">

    <h1>Gerenciador Financeiro Pessoal</h1>
    
    Usuario Logado #{request.remoteUser}
    <br/>
    <h:form>
    	<sec:ifAnyGranted role="ROLE_ADMINISTRADOR"> <!-- here you can change it like this: <sec:ifAnyGranted role="ROLE_USUARIO"> -->
    		<h:commandLink action="/admin/principal" title="Administrativo">
    			<h:graphicImage library="imagens" name="admin.png"></h:graphicImage>
    		</h:commandLink>
    	</sec:ifAnyGranted>
    	<a onclick="document.location='#{request.contextPath}/j_spring_security_logout'" title="Sair">
    		<h:graphicImage library="imagens" name="logout.png"></h:graphicImage>
    	</a>
    </h:form>
    
</ui:define>
<ui:define name="footer">
   
</ui:define>

</ui:composition>

[/code] However, this page must be inside the [b]restrito[/b] folder.

In your applicationContext-security.xml you can also make the following change:

[code]<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <http>  
    <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRADOR"/> <!-- here you can leave your access like this: access="ROLE_ADMINISTRADOR,ROLE_USUARIO" -->
    <intercept-url pattern="/restrito/**" access="ROLE_USUARIO"/>  
    <form-login login-page="/publico/login.jsf"  
    always-use-default-target="true"  
    default-target-url="/restrito/principal.jsf"  
    authentication-failure-url="/publico/login.jsf?login_error=1"/>  
    <logout/>  
    <remember-me/>  
  </http>  
  <authentication-manager>  
    <authentication-provider>  
        <jdbc-user-service data-source-ref="financeiroDataSource"  
        authorities-by-username-query="SELECT u.login, p.premissao  
        FROM usuario u, usuario_premissao p WHERE u.codigo = p.usuario  
        AND u.login=?"  
        users-by-username-query="SELECT login,senha,ativo FROM usuario   
        WHERE login=?"/>  
    </authentication-provider>  
  </authentication-manager>  
  </b:beans>  [/code]

Thanks, everyone, I managed to solve the problem in this main login page. The error was that it should be as below:

<sec:ifAnyGranted roles="ROLE_ADMINISTRADOR"> and it was

<sec:ifAnyGranted role="ROLE_ADMINISTRADOR">. An "s" was missing in "role". It is working correctly now. Thanks to everyone for the help.
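
The rule semantics behind the access="ROLE_ADMINISTRADOR,ROLE_USUARIO" suggestion earlier in the thread, as an added example that is not part of any participant's post: a Spring Security 3.1 namespace configuration with that weaker rule (commented out) beside a corrected one. URLs and queries are the ones posted above; the access-denied page /publico/acessoNegado.jsf and the choice to list both roles on /restrito/** are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
             http://www.springframework.org/schema/security
             http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <http>
    <!-- intercept-url rules are tried top to bottom and the first matching
         pattern decides, so the narrowest areas are listed first. -->

    <!-- Weak variant, kept commented out for comparison. A comma-separated
         access list is an OR: holding any one listed role is enough, so this
         line would open the admin area to every ROLE_USUARIO account.
    <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRADOR,ROLE_USUARIO"/>
    -->

    <!-- Corrected: the admin area stays administrator-only. -->
    <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRADOR"/>

    <!-- The post-login landing page lives under /restrito/. Assumption:
         administrators may lack a ROLE_USUARIO row in usuario_premissao, so
         both roles are listed here instead of widening /admin/**. -->
    <intercept-url pattern="/restrito/**" access="ROLE_USUARIO,ROLE_ADMINISTRADOR"/>

    <!-- /publico/** has no rule, so the login page stays reachable anonymously. -->

    <!-- Assumption: /publico/acessoNegado.jsf is a hypothetical page of this
         application. An authenticated user lacking the required role is
         forwarded to it; anonymous users are still sent to the login page. -->
    <access-denied-handler error-page="/publico/acessoNegado.jsf"/>

    <form-login login-page="/publico/login.jsf"
                always-use-default-target="true"
                default-target-url="/restrito/principal.jsf"
                authentication-failure-url="/publico/login.jsf?login_error=1"/>
    <logout/>
    <remember-me/>
  </http>

  <authentication-manager>
    <authentication-provider>
      <jdbc-user-service data-source-ref="financeiroDataSource"
          authorities-by-username-query="SELECT u.login, p.premissao FROM usuario u, usuario_premissao p WHERE u.codigo = p.usuario AND u.login=?"
          users-by-username-query="SELECT login,senha,ativo FROM usuario WHERE login=?"/>
    </authentication-provider>
  </authentication-manager>
</b:beans>
```

Hiding the admin link with `<sec:ifAnyGranted roles="ROLE_ADMINISTRADOR">` only affects what the page renders; the `/admin/**` rule above is what actually enforces access on the server.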