Google Chrome: Spring Boot 2 HTTP Basic security always returns 401 in Chrome, but always 200 in Postman
When I send a request to my Spring Boot application using HTTP Basic security, it succeeds: companyuser@gmail.com == Y29tcGFueXVzZXJAZ21haWwuY29tOm0xMjM=

Here are the server logs:
15:14:58.359 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
15:14:58.359 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
15:14:58.359 [http-nio-8082-exec-10] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@1b9df029: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1b9df029: Principal: org.springframework.security.core.userdetails.User@44ceb5b9: Username: companyuser@gmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: COMPANY_ADMIN,COMPANY_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 576768B8D272582DD22DE41579E13BC6; Granted Authorities: COMPANY_ADMIN, COMPANY_USER'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /auth/user' doesn't match 'POST /logout'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'companyuser@gmail.com'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.s.w.s.HttpSessionRequestCache - saved request doesn't match
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
15:14:58.360 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1b9df029: Principal: org.springframework.security.core.userdetails.User@44ceb5b9: Username: companyuser@gmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: COMPANY_ADMIN,COMPANY_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 576768B8D272582DD22DE41579E13BC6; Granted Authorities: COMPANY_ADMIN, COMPANY_USER'
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/auth/user'; against '/securityNone'
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /auth/user; Attributes: [authenticated]
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1b9df029: Principal: org.springframework.security.core.userdetails.User@44ceb5b9: Username: companyuser@gmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: COMPANY_ADMIN,COMPANY_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 576768B8D272582DD22DE41579E13BC6; Granted Authorities: COMPANY_ADMIN, COMPANY_USER
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@60df6881, returned: 1
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
15:14:58.361 [http-nio-8082-exec-10] DEBUG o.s.security.web.FilterChainProxy - /auth/user reached end of additional filter chain; proceeding with original chain
15:14:58.366 [http-nio-8082-exec-10] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@c0f06f8
15:14:58.369 [http-nio-8082-exec-10] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
15:14:58.369 [http-nio-8082-exec-10] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
When I try the same thing in Chrome, I get a 401:

Here are the server logs:
15:10:36.205 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'OPTIONS /auth/user' doesn't match 'POST /logout'
15:10:36.206 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
15:10:36.207 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
15:10:36.207 [http-nio-8082-exec-4] DEBUG o.s.s.w.s.HttpSessionRequestCache - saved request doesn't match
15:10:36.207 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
15:10:36.207 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
15:10:36.207 [http-nio-8082-exec-4] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@eb36b2ff: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
15:10:36.207 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
15:10:36.207 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
15:10:36.208 [http-nio-8082-exec-4] DEBUG o.s.security.web.FilterChainProxy - /auth/user at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
15:10:36.208 [http-nio-8082-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/auth/user'; against '/securityNone'
15:10:36.208 [http-nio-8082-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /auth/user; Attributes: [authenticated]
15:10:36.208 [http-nio-8082-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@eb36b2ff: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
15:10:36.208 [http-nio-8082-exec-4] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@60df6881, returned: -1
15:10:36.214 [http-nio-8082-exec-4] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
Here is my configuration:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/securityNone").permitAll()
                .anyRequest().authenticated()
            .and()
            .httpBasic()
                .authenticationEntryPoint(appAuthenticationEntryPoint);
    }
Here is my REST controller:

    @RestController
    public class AuthController
    {
        @CrossOrigin(origins = "http://localhost:4200")
        @RequestMapping(value = "/auth/user", method = RequestMethod.GET)
        public Principal user(Principal user)
        {
            return user;
        }
    }
I do see these errors in Chrome:

Any idea where I am going wrong?

I enabled CORS:

    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/securityNone").permitAll()
            .and()
            .httpBasic()
                .authenticationEntryPoint(appAuthenticationEntryPoint);
        http.cors();
    }
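
It worked. I found this information: "Enable CORS at Spring Security level".

You should enable CORS on the server side, or better, route requests to the backend through the UI server… Add .antMatchers(HttpMethod.OPTIONS, "/path/to/allow").permitAll()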
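
The fix described in the answers above, written out as a complete Spring Boot 2 configuration; this is an added example, not code from the original posts. The class name `SecurityConfig`, the explicit `corsConfigurationSource` bean, the `/auth/**` pattern and the allowed method and header lists are assumptions. It keeps `.anyRequest().authenticated()` from the question's configuration so that every endpoint other than `/securityNone` still requires authentication.

```java
import java.util.Arrays;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Hypothetical class name; the question only shows the configure() method.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Entry point referenced in the question; its concrete type is not shown there.
    private final AuthenticationEntryPoint appAuthenticationEntryPoint;

    public SecurityConfig(AuthenticationEntryPoint appAuthenticationEntryPoint) {
        this.appAuthenticationEntryPoint = appAuthenticationEntryPoint;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Registers a CorsFilter ahead of the authentication filters. The browser's
            // preflight OPTIONS request carries no Authorization header (compare the
            // "anonymousUser" log above), so it has to be answered before
            // FilterSecurityInterceptor evaluates the "authenticated" rule.
            .cors()
            .and()
            .authorizeRequests()
                .antMatchers("/securityNone").permitAll()
                // Kept from the question: all other requests still need credentials.
                .anyRequest().authenticated()
            .and()
            .httpBasic()
                .authenticationEntryPoint(appAuthenticationEntryPoint);
    }

    // http.cors() uses a bean with this name when one is defined.
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Same origin as the @CrossOrigin annotation in the question; no wildcard.
        config.setAllowedOrigins(Collections.singletonList("http://localhost:4200"));
        // Assumed method list: the controller in the question only handles GET.
        config.setAllowedMethods(Arrays.asList("GET", "OPTIONS"));
        // The preflight asks permission to send Authorization, so it must be listed.
        config.setAllowedHeaders(Arrays.asList(HttpHeaders.AUTHORIZATION, HttpHeaders.CONTENT_TYPE));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Assumed path pattern covering /auth/user from the question.
        source.registerCorsConfiguration("/auth/**", config);
        return source;
    }
}
```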