Fatal编程技术网
  • angularjs/
  • Angularjs Spring安全性使角度资源失败

Angularjs Spring安全性使角度资源失败

angularjs spring spring-security

Angularjs Spring安全性使角度资源失败,angularjs,spring,spring-security,angular-resource,Angularjs,Spring,Spring Security,Angular Resource,我已经为现有应用程序实现了一个Spring安全模块,它实际上看起来像: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autow

我已经为现有应用程序实现了一个Spring安全模块,它实际上看起来像:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers(HttpMethod.OPTIONS, "/**")
                .antMatchers("/static/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                    .authorizeRequests()
                    //.antMatchers("/resources/**", "/").permitAll()
                    //.antMatchers("/welcome").hasRole("ADMIN") //tu mogla by byc pobrana jaka rola i te linki np tylko dla admina
                    //.anyRequest().permitAll() //reszta po zalogowaniu
                    //.antMatchers("/resources/templates/index.html").permitAll()
                    .antMatchers("/views/pages/signIn.html").permitAll()
                    .antMatchers("/views/worker/**").hasAuthority(AuthoritiesConstants.WORKER)
                    .antMatchers("/views/client/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/views/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/templates/index.html").permitAll()
                    .antMatchers("/scripts/directives/addAdmin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/addWorker/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/assignWorkerToWash/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/header/**").permitAll()
                    .antMatchers("/scripts/directives/info/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/reservation/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/reservationReminder/**").hasAnyRole(AuthoritiesConstants.WORKER, AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/review/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/vehicle/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/vehicle/**").hasAnyRole(AuthoritiesConstants.CLIENT, AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/review/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/washType/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/vehicleType/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/wash/**").hasAuthority(AuthoritiesConstants.ADMIN)

                    //.antMatchers("/api/reservationreminder").permitAll()


                    //???
                    .antMatchers("/auth").permitAll()
                    .antMatchers("/", "/login").permitAll()
                    .antMatchers("/templates/index.html").permitAll()
                    //.antMatchers("/api/client, /api/reservation", "/api/reservationreminder", "/api/review", "/api/user", "/api/vehicle", "/api/wash", "/api/washlocation", "/api/washtype", "/api/worker").hasAnyRole(AuthoritiesConstants.WORKER, AuthoritiesConstants.CLIENT)
                    .antMatchers("/app/styles/**", "/app/js/**").permitAll()
                    .antMatchers("/build/**").permitAll()
                    .anyRequest().authenticated()
                .and()
                    .logout()
                    .logoutSuccessUrl("/views/pages/login.html")
                    .permitAll()
                .and()
                    .formLogin()
                    .loginProcessingUrl("/views/pages/login.html")
                    .permitAll()

    }
}
目录树如下所示:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers(HttpMethod.OPTIONS, "/**")
                .antMatchers("/static/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                    .authorizeRequests()
                    //.antMatchers("/resources/**", "/").permitAll()
                    //.antMatchers("/welcome").hasRole("ADMIN") //tu mogla by byc pobrana jaka rola i te linki np tylko dla admina
                    //.anyRequest().permitAll() //reszta po zalogowaniu
                    //.antMatchers("/resources/templates/index.html").permitAll()
                    .antMatchers("/views/pages/signIn.html").permitAll()
                    .antMatchers("/views/worker/**").hasAuthority(AuthoritiesConstants.WORKER)
                    .antMatchers("/views/client/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/views/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/templates/index.html").permitAll()
                    .antMatchers("/scripts/directives/addAdmin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/addWorker/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/assignWorkerToWash/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/header/**").permitAll()
                    .antMatchers("/scripts/directives/info/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/reservation/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/reservationReminder/**").hasAnyRole(AuthoritiesConstants.WORKER, AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/review/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/vehicle/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/vehicle/**").hasAnyRole(AuthoritiesConstants.CLIENT, AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/review/**").hasAuthority(AuthoritiesConstants.CLIENT)
                    .antMatchers("/scripts/directives/washType/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/vehicleType/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/scripts/directives/wash/**").hasAuthority(AuthoritiesConstants.ADMIN)

                    //.antMatchers("/api/reservationreminder").permitAll()


                    //???
                    .antMatchers("/auth").permitAll()
                    .antMatchers("/", "/login").permitAll()
                    .antMatchers("/templates/index.html").permitAll()
                    //.antMatchers("/api/client, /api/reservation", "/api/reservationreminder", "/api/review", "/api/user", "/api/vehicle", "/api/wash", "/api/washlocation", "/api/washtype", "/api/worker").hasAnyRole(AuthoritiesConstants.WORKER, AuthoritiesConstants.CLIENT)
                    .antMatchers("/app/styles/**", "/app/js/**").permitAll()
                    .antMatchers("/build/**").permitAll()
                    .anyRequest().authenticated()
                .and()
                    .logout()
                    .logoutSuccessUrl("/views/pages/login.html")
                    .permitAll()
                .and()
                    .formLogin()
                    .loginProcessingUrl("/views/pages/login.html")
                    .permitAll()

    }
}

在实现之后,根据我在angularJS中使用的
$resource
模块,我得到了奇怪的失败-在Spring安全性实现之前,一切正常

失败的症状是,由于操作“查询”的资源配置中出现
错误,我无法通过登录页面登录。预期响应包含数组,但获得了对象(请求:GET/api/reservationrementer)

当我们参加该服务时,我有:

angular.module('sbAdminApp').factory('ReservationReminderService', function($resource) {

var service = $resource('/api/reservationreminder/', {id : '@id'},
    {


    });

return service;
 });
我使用LoginCtrl(angular)我使用接受数组的query()方法:

ReservationReminderService.query().$promise.then(function (res) {
            UserService.setData('reminders', res);
            UserService.setData('wasSeen', true);

            var userRoles = UserService.getRoles();
            if (userRoles.indexOf('client') > -1){
                $state.go('dashboard.myaccount');
                return;
            }

            if (userRoles.indexOf('worker') > -1){
                $state.go('dashboard.workerreservation');
                return;
            }

            $state.go('dashboard.home');
        });
所以我真的不知道为什么会有失败?可能是Spring安全配置有问题

以前非常基本的Spring安全配置是这样的:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .authorizeRequests()
                .anyRequest().permitAll()
              .and()
}
然后,一切正常

[更新] 角度控制器:

angular.module('sbAdminApp').controller('LoginCtrl', function ($scope, LoginService, $http, $state, UserService, AddUserService, $q, ReservationReminderService) {

$scope.User = {};
$scope.Error = null;

$scope.login = function () {
    $scope.Error = null;
    $http.post('auth/login', $scope.User).success(function (res, a, b) {
        UserService.setUserData(res);

        ReservationReminderService.query().$promise.then(function (res) {
            UserService.setData('reminders', res);
            UserService.setData('wasSeen', true);

            var userRoles = UserService.getRoles();
            if (userRoles.indexOf('client') > -1){
                $state.go('dashboard.myaccount');
                return;
            }

            if (userRoles.indexOf('worker') > -1){
                $state.go('dashboard.workerreservation');
                return;
            }

            $state.go('dashboard.home');
        });
    }).error(function (data) {
        // jeżeli 403 - pokaz blad
        // jezeli 5xx - alert wewnetrzny blad serwera
        if (data.status == 403)
            $scope.Error = "Błędny login lub hasło";
        else alert(data.message);
    });
    //console.log('ReservationReminderService.query();', ReservationReminderService.query())
};

$scope.signInForm = function () {
    $state.transitionTo('signIn');
}
});
[更新2]

   @RestController
    @RequestMapping(value = "/api/reservationreminder")
    public class ReservationReminderController {
    @Autowired
    private ReservationReminderServiceImpl reminderService;
    @Autowired
    private WorkerServiceImpl workerService;

    @RequestMapping(value = "", method = RequestMethod.GET)
    public List<ReservationReminder>     getReservationReminderList(HttpServletRequest request) {
        Principal name = request.getUserPrincipal();
        if (name.getName() == null) {
            throw new RuntimeException("Brak sesji");
        }
        Worker workerByLogin = workerService.findWorkerByLogin(name.getName());
        List<ReservationReminder> byReservationWorkerPesel = reminderService.findByReservationWorkerPesel(workerByLogin);
        return byReservationWorkerPesel;
    }

    @RequestMapping(value = "", method = RequestMethod.POST)
    public void insertOrUpdate(@RequestBody List<ReservationReminder> reservationReminderList) {
        for (ReservationReminder r : reservationReminderList) {
            if (r.getChecked() == true) {
                reminderService.insertOrUpdate(r);
            }
        }

    }
}

@RestController
@请求映射(value=“/api/reservationrementer”)
公共类保留提醒控制器{
@自动连线
私人预订提醒服务MPL提醒服务;
@自动连线
私人工人服务MPL工人服务;
@RequestMapping(value=”“,method=RequestMethod.GET)
公共列表GetReservationMemberList(HttpServletRequest请求){
主体名称=request.getUserPrincipal();
if(name.getName()==null){
抛出新的RuntimeException(“Brak sesji”);
}
Worker-workerByLogin=workerService.findWorkerByLogin(name.getName());
List ByReservationWorkerPresel=提醒服务。FindByreservationWorkerPresel(workerByLogin);
returnbyreservationworkerpesel;
}
@RequestMapping(value=”“,method=RequestMethod.POST)
public void insertOrUpdate(@RequestBody List reservationmemberlist){
for(ReservationReminderR:reservationReminderList){
if(r.getChecked()==true){
提醒服务。插入更新(r);
}
}
}
}
这可能是由于
@EnableGlobalMethodSecurity(prespenabled=true)
您可以向我们展示您的控制器吗?您可以尝试从Rest客户端(如Postman或Curl to/api/reservationrementer/)获取请求吗?您得到了什么?还有其他失败的控制器,现在是
TypeError:cannotreadproperty'forEach'of undefined
我认为您没有得到正确的授权,当您执行httpget请求时,您从Spring而不是您想要的对象得到一条错误消息。您是否尝试删除@EnableGlobalMethodSecurity(prespenabled=true)。是的,我删除了它们。我认为我得到了适当的授权,因为在那之前一切正常