AngularJS:Spring Security 使 Angular $resource 失败
我已经为现有应用程序实现了一个Spring安全模块,它实际上看起来像:
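@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Injected but not referenced by any method of this class. */
    @Autowired
    private UserDetailsService userDetailsService;

    /** Password encoder bean; BCrypt is a salted, deliberately slow hash suited to stored passwords. */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Requests listed here bypass the security filter chain entirely (no
     * authentication, no authorization, no security headers): every OPTIONS
     * request and everything under /static/.
     *
     * @param web the web security builder
     * @throws Exception as declared by the adapter
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/static/**");
    }

    /**
     * URL authorization rules. Matchers are evaluated top to bottom and the
     * first match wins, so a later rule for the same pattern is never
     * reached; the unreachable duplicates of the original listing were
     * dropped here without changing the effective policy.
     *
     * Nothing under /api/** is matched explicitly, so the REST endpoints fall
     * to anyRequest().authenticated(). Because form login is configured, an
     * unauthenticated request is answered with a redirect to the login page
     * rather than a 401, so an XHR / $resource caller receives a page instead
     * of the JSON it expects — likely the "expected array but got object"
     * symptom reported with this question.
     *
     * @param http the HTTP security builder
     * @throws Exception as declared by the adapter
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is off for every endpoint, including the
            // state-changing POST handlers under /api; with cookie-based
            // sessions that leaves them open to cross-site request forgery.
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/views/pages/signIn.html").permitAll()
                .antMatchers("/views/worker/**").hasAuthority(AuthoritiesConstants.WORKER)
                .antMatchers("/views/client/**").hasAuthority(AuthoritiesConstants.CLIENT)
                .antMatchers("/views/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/templates/index.html").permitAll()
                .antMatchers("/scripts/directives/addAdmin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/scripts/directives/addWorker/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/scripts/directives/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/scripts/directives/assignWorkerToWash/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/scripts/directives/header/**").permitAll()
                .antMatchers("/scripts/directives/info/**").hasAuthority(AuthoritiesConstants.CLIENT)
                .antMatchers("/scripts/directives/reservation/**").hasAuthority(AuthoritiesConstants.CLIENT)
                // hasAnyRole applies the ROLE_ prefix convention whereas hasAuthority
                // compares the literal string; confirm the AuthoritiesConstants values
                // work with both, otherwise one family of rules never matches.
                .antMatchers("/scripts/directives/reservationReminder/**").hasAnyRole(AuthoritiesConstants.WORKER, AuthoritiesConstants.CLIENT)
                .antMatchers("/scripts/directives/review/**").hasAuthority(AuthoritiesConstants.CLIENT)
                // First match wins: ADMIN is not granted this path. The original's
                // later hasAnyRole(CLIENT, ADMIN) entry for the same pattern was
                // unreachable; widen this rule if ADMIN access was intended.
                .antMatchers("/scripts/directives/vehicle/**").hasAuthority(AuthoritiesConstants.CLIENT)
                .antMatchers("/scripts/directives/washType/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/scripts/directives/vehicleType/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/scripts/directives/wash/**").hasAuthority(AuthoritiesConstants.ADMIN)
                // "/auth" matches only that exact path; "/auth/login" (which the
                // Angular LoginCtrl posts to) is not covered by this rule.
                .antMatchers("/auth").permitAll()
                .antMatchers("/", "/login").permitAll()
                .antMatchers("/app/styles/**", "/app/js/**").permitAll()
                .antMatchers("/build/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .logout()
                .logoutSuccessUrl("/views/pages/login.html")
                .permitAll()
                .and()
            .formLogin()
                // loginProcessingUrl is the URL the form-login filter handles POSTs
                // at, not the page to display; presumably loginPage(...) was
                // intended for a static .html path — confirm.
                .loginProcessingUrl("/views/pages/login.html")
                .permitAll();
    }
}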
目录树如下所示:
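@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Autowired but unused within this class. */
    @Autowired
    private UserDetailsService userDetailsService;

    /** @return a BCrypt encoder for stored passwords */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Paths excluded from the security filter chain altogether: all OPTIONS
     * requests and the /static/ tree. Excluded requests get no
     * authentication, authorization or security headers.
     *
     * @param web the web security builder
     * @throws Exception as declared by the adapter
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/static/**");
    }

    /**
     * Authorization policy, grouped by required authority. All patterns are
     * distinct, so grouping them does not change which rule fires; the
     * original's repeated entries for the same pattern were unreachable
     * (first match wins) and are omitted. /api/** has no explicit rule and
     * falls to anyRequest().authenticated(); with form login enabled an
     * unauthenticated XHR is redirected to the login page instead of getting
     * a 401, which is the likely cause of the $resource failure described on
     * this page.
     *
     * @param http the HTTP security builder
     * @throws Exception as declared by the adapter
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        String admin = AuthoritiesConstants.ADMIN;
        String client = AuthoritiesConstants.CLIENT;
        String worker = AuthoritiesConstants.WORKER;

        http
            // CSRF is disabled globally; the POST endpoints under /api are then
            // reachable cross-site with the victim's session cookie.
            .csrf().disable()
            .authorizeRequests()
                .antMatchers(
                        "/views/pages/signIn.html",
                        "/templates/index.html",
                        "/scripts/directives/header/**",
                        // Only the exact path "/auth" is permitted; "/auth/login"
                        // used by the Angular client does not match this rule.
                        "/auth",
                        "/", "/login",
                        "/app/styles/**", "/app/js/**",
                        "/build/**").permitAll()
                .antMatchers("/views/worker/**").hasAuthority(worker)
                .antMatchers(
                        "/views/client/**",
                        "/scripts/directives/info/**",
                        "/scripts/directives/reservation/**",
                        "/scripts/directives/review/**",
                        // Original later re-declared this pattern with
                        // hasAnyRole(CLIENT, ADMIN); that entry could never fire,
                        // so ADMIN is not granted it here either.
                        "/scripts/directives/vehicle/**").hasAuthority(client)
                .antMatchers(
                        "/views/admin/**",
                        "/scripts/directives/addAdmin/**",
                        "/scripts/directives/addWorker/**",
                        "/scripts/directives/admin/**",
                        "/scripts/directives/assignWorkerToWash/**",
                        "/scripts/directives/washType/**",
                        "/scripts/directives/vehicleType/**",
                        "/scripts/directives/wash/**").hasAuthority(admin)
                // hasAnyRole prefixes ROLE_; hasAuthority does not. Confirm the
                // constants are compatible with both forms.
                .antMatchers("/scripts/directives/reservationReminder/**").hasAnyRole(worker, client)
                .anyRequest().authenticated()
                .and()
            .logout()
                .logoutSuccessUrl("/views/pages/login.html")
                .permitAll()
                .and()
            .formLogin()
                // This is the POST-processing URL of the form-login filter, not the
                // login page to show; loginPage(...) may have been intended — confirm.
                .loginProcessingUrl("/views/pages/login.html")
                .permitAll();
    }
}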
在实现之后,根据我在angularJS中使用的$resource
模块,我得到了奇怪的失败-在Spring安全性实现之前,一切正常
失败的症状是,由于操作“query”的资源配置中出现错误,我无法通过登录页面登录:预期响应包含数组,但得到了对象(请求:GET /api/reservationreminder)
至于该服务,我有:
// $resource wrapper for /api/reservationreminder; the id parameter is
// filled from the id field of the object being sent.
angular.module('sbAdminApp').factory('ReservationReminderService', function ($resource) {
    var url = '/api/reservationreminder/';
    var paramDefaults = { id: '@id' };
    var extraActions = {};
    return $resource(url, paramDefaults, extraActions);
});
在LoginCtrl(angular)中,我使用了接受数组的query()方法:
// Load the reminders, store them, then route by role: client first,
// then worker, otherwise the generic dashboard.
ReservationReminderService.query().$promise.then(function (reminders) {
    UserService.setData('reminders', reminders);
    UserService.setData('wasSeen', true);

    var roles = UserService.getRoles();
    var target = 'dashboard.home';
    if (roles.indexOf('client') !== -1) {
        target = 'dashboard.myaccount';
    } else if (roles.indexOf('worker') !== -1) {
        target = 'dashboard.workerreservation';
    }
    $state.go(target);
});
所以我真的不知道为什么会有失败?可能是Spring安全配置有问题
以前非常基本的Spring安全配置是这样的:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
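@Override
protected void configure(HttpSecurity http) throws Exception {
    // Every request is permitted; CSRF is also disabled, so nothing is
    // protected by this configuration. The trailing and() is kept as in the
    // original; the statement only lacked its terminating semicolon.
    http
        .csrf().disable()
        .authorizeRequests()
            .anyRequest().permitAll()
            .and();
}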
然后,一切正常
[更新]
角度控制器:
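// Login controller: posts the credentials, stores the user, loads the
// reminders and routes to the dashboard matching the user's role.
angular.module('sbAdminApp').controller('LoginCtrl', function ($scope, LoginService, $http, $state, UserService, AddUserService, $q, ReservationReminderService) {
    $scope.User = {};
    $scope.Error = null;

    // Pick the landing state from the role list; client takes precedence.
    function routeByRole() {
        var userRoles = UserService.getRoles();
        if (userRoles.indexOf('client') > -1) {
            $state.go('dashboard.myaccount');
            return;
        }
        if (userRoles.indexOf('worker') > -1) {
            $state.go('dashboard.workerreservation');
            return;
        }
        $state.go('dashboard.home');
    }

    $scope.login = function () {
        $scope.Error = null;
        $http.post('auth/login', $scope.User).success(function (res) {
            UserService.setUserData(res);
            ReservationReminderService.query().$promise.then(function (reminders) {
                UserService.setData('reminders', reminders);
                UserService.setData('wasSeen', true);
                routeByRole();
            });
        }).error(function (data, status) {
            // The legacy .error callback receives (body, status, ...); the HTTP
            // status is the second argument, not a property of the body, so the
            // original `data.status == 403` never matched.
            // 403 -> show the "wrong login or password" error
            // 5xx -> alert the server's message
            if (status === 403) {
                $scope.Error = "Błędny login lub hasło";
            } else {
                // body may be empty on a network failure; avoid a second error here
                alert(data && data.message);
            }
        });
    };

    $scope.signInForm = function () {
        $state.transitionTo('signIn');
    };
});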
[更新2]
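@RestController
@RequestMapping(value = "/api/reservationreminder")
public class ReservationReminderController {

    @Autowired
    private ReservationReminderServiceImpl reminderService;

    @Autowired
    private WorkerServiceImpl workerService;

    /**
     * Returns the reservation reminders of the worker whose login equals the
     * authenticated principal's name.
     *
     * @param request current request; the principal is read from it
     * @return whatever the reminder service returns for that worker
     * @throws RuntimeException when the request carries no principal or the
     *         principal has no name ("Brak sesji")
     */
    @RequestMapping(value = "", method = RequestMethod.GET)
    public List<ReservationReminder> getReservationReminderList(HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();
        // getUserPrincipal() is null for an unauthenticated request; the original
        // dereferenced it before checking, so "no session" surfaced as a
        // NullPointerException (HTTP 500) instead of the intended error.
        if (principal == null || principal.getName() == null) {
            throw new RuntimeException("Brak sesji");
        }
        // NOTE(review): the login flow on this page calls this endpoint for
        // clients as well; findWorkerByLogin may then return null — confirm how
        // findByReservationWorkerPesel handles a null worker.
        Worker worker = workerService.findWorkerByLogin(principal.getName());
        return reminderService.findByReservationWorkerPesel(worker);
    }

    /**
     * Persists every reminder in the body whose checked flag is true.
     *
     * NOTE(review): the body is client-supplied and nothing here ties a
     * reminder to the caller; confirm that reminderService.insertOrUpdate
     * restricts updates to the caller's own reservations.
     *
     * @param reservationReminderList reminders posted by the client; a null
     *        body is treated as empty
     */
    @RequestMapping(value = "", method = RequestMethod.POST)
    public void insertOrUpdate(@RequestBody List<ReservationReminder> reservationReminderList) {
        if (reservationReminderList == null) {
            return;
        }
        for (ReservationReminder reminder : reservationReminderList) {
            // Boolean.TRUE.equals tolerates a boxed null; `== true` would unbox it and throw.
            if (Boolean.TRUE.equals(reminder.getChecked())) {
                reminderService.insertOrUpdate(reminder);
            }
        }
    }
}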
@RestController
@RequestMapping(value = "/api/reservationreminder")
public class ReservationReminderController {
@Autowired
private ReservationReminderServiceImpl reminderService;
@Autowired
private WorkerServiceImpl workerService;
@RequestMapping(value = "", method = RequestMethod.GET)
public List<ReservationReminder> getReservationReminderList(HttpServletRequest request) {
Principal name = request.getUserPrincipal();
if (name.getName() == null) {
throw new RuntimeException("Brak sesji");
}
Worker workerByLogin = workerService.findWorkerByLogin(name.getName());
List<ReservationReminder> byReservationWorkerPesel = reminderService.findByReservationWorkerPesel(workerByLogin);
return byReservationWorkerPesel;
}
@RequestMapping(value = "", method = RequestMethod.POST)
public void insertOrUpdate(@RequestBody List<ReservationReminder> reservationReminderList) {
for (ReservationReminder r : reservationReminderList) {
if (r.getChecked() == true) {
reminderService.insertOrUpdate(r);
}
}
}
}
这可能是由于@EnableGlobalMethodSecurity(prePostEnabled = true)
您可以向我们展示您的控制器吗?您可以尝试从REST客户端(如Postman或curl)向/api/reservationreminder/发起请求吗?您得到了什么?还有其他失败的控制器,现在是TypeError: Cannot read property 'forEach' of undefined
我认为您没有得到正确的授权:当您执行HTTP GET请求时,您从Spring得到的是一条错误消息,而不是您想要的对象。您是否尝试过删除@EnableGlobalMethodSecurity(prePostEnabled = true)?是的,我删除了它。我认为我得到了正确的授权,因为在那之前一切正常