Fatal编程技术网
  • java/
  • Java spring security+;rest不支持';行不通

Java spring security+;rest不支持';行不通

java rest spring-mvc spring-security

Java spring security+;rest不支持';行不通,java,rest,spring-mvc,spring-security,basic-authentication,Java,Rest,Spring Mvc,Spring Security,Basic Authentication,我已经配置了所有属性,但我的应用程序仍然在没有spring security的情况下加载,就好像它不存在一样。。。请帮帮我,我做错了什么 在这里,我的房间没有邮递员认证: 以下是我的课程: 证券配置: package com.vidaflo.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.ComponentS

我已经配置了所有属性,但我的应用程序仍然在没有spring security的情况下加载,就好像它不存在一样。。。请帮帮我,我做错了什么

在这里,我的房间没有邮递员认证:

以下是我的课程:

证券配置:

package com.vidaflo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
@ComponentScan("com.vidaflo")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("tom").password("abc123").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests().antMatchers("/room/**").hasRole("ADMIN")
                .and()
                .httpBasic()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

package com.vidaflo.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.vidaflo.controllers")
public class WebConfiguration extends WebMvcConfigurationSupport {
}
SecurityInitializer:

package com.vidaflo.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
网络配置:

package com.vidaflo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
@ComponentScan("com.vidaflo")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("tom").password("abc123").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests().antMatchers("/room/**").hasRole("ADMIN")
                .and()
                .httpBasic()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

package com.vidaflo.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.vidaflo.controllers")
public class WebConfiguration extends WebMvcConfigurationSupport {
}
Tomcat嵌入式:

package com.vidaflo.server;

import com.vidaflo.config.ApplicationConfiguration;
import com.vidaflo.config.DatabaseConfiguration;
import com.vidaflo.config.SecurityConfiguration;
import com.vidaflo.config.WebConfiguration;
import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.startup.Tomcat;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;

@Slf4j
public class Application {
    private static final String APPLICATION_PROPERTIES = System.getProperty("app.properties");
    private static final int DEFAULT_PORT = 8080;
    private static final String DEFAULT_CONTEXT_PATH = "/app";

    private AppProperties appProperties;
    private AnnotationConfigWebApplicationContext ctx;

    public static void main(String[] args) throws LifecycleException {
        Application app = new Application(APPLICATION_PROPERTIES);
        Server server = new TomcatServer(new Tomcat());
        app.run(server);
    }

    public Application(String fieldName) {
        loadProperties(fieldName);
    }

    public void run(Server server) {
        initApplicationContext();
        server.run(getConfig());
    }

    private void loadProperties(String fieldName) {
        appProperties = new AppProperties();
        appProperties.load(fieldName);
    }

    private void initApplicationContext() {
        log.info("Initialize application context...");

        ctx = new AnnotationConfigWebApplicationContext();
        ctx.register(SecurityConfiguration.class);
        ctx.register(ApplicationConfiguration.class);
        ctx.register(WebConfiguration.class);
        ctx.register(DatabaseConfiguration.class);
        ctx.getEnvironment()
            .getPropertySources()
            .addLast(new PropertiesPropertySource("applicationEnvironment", appProperties.getProperties()));
    }

    private ServerConfig getConfig() {
        ServerConfig serverConfig = new ServerConfig();
        serverConfig.setPort(appProperties.getPort(DEFAULT_PORT));
        serverConfig.setContextPath(appProperties.getContextPath(DEFAULT_CONTEXT_PATH));
        serverConfig.setServlet(getServlet());
        return serverConfig;
    }

    private DispatcherServlet getServlet() {
        return new DispatcherServlet(ctx);
    }
}
休息控制器:

package com.vidaflo.controllers;

import com.vidaflo.dto.RoomDto;
import com.vidaflo.model.location.Room;
import com.vidaflo.repositories.LocationRepository;
import com.vidaflo.services.RoomService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;
import java.util.stream.Collectors;

@RestController
public class RoomController {
    @Autowired
    private RoomService roomService;

    @Autowired
    private LocationRepository locationService;

    @PostMapping("/room/save")
    public String save(@RequestParam(name = "name") String name,
                       @RequestParam(name = "location_id") Long locationId) {
        roomService.save(name, locationService.findOne(locationId));
        return "room added";
    }

    @GetMapping("/room/all")
    public List<RoomDto> findAll() {
        return roomService.findAll().stream()
                .map(this::toDto)
                .collect(Collectors.toList());
    }

    private RoomDto toDto(Room room) {
        return RoomDto.builder()
                .id(room.getId())
                .name(room.getName())
                .build();
    }
}

package com.vidaflo.controllers;
导入com.vidaflo.dto.RoomDto;
导入com.vidaflo.model.location.Room;
导入com.vidaflo.repositories.LocationRepository;
导入com.vidaflo.services.RoomService;
导入org.springframework.beans.factory.annotation.Autowired;
导入org.springframework.web.bind.annotation.GetMapping;
导入org.springframework.web.bind.annotation.PostMapping;
导入org.springframework.web.bind.annotation.RequestParam;
导入org.springframework.web.bind.annotation.RestController;
导入java.util.List;
导入java.util.stream.collector;
@RestController
公共教室管理员{
@自动连线
私人客房服务;
@自动连线
专用位置存储库位置服务;
@邮戳(“/room/save”)
公共字符串保存(@RequestParam(name=“name”)字符串名称,
@RequestParam(name=“location\u id”)Long locationId){
roomService.save(name,locationService.findOne(locationId));
返回“已添加房间”;
}
@GetMapping(“/room/all”)
公共列表findAll(){
return roomService.findAll().stream()
.map(this::toDto)
.collect(Collectors.toList());
}
私人房间到托托(房间){
返回RoomDto.builder()
.id(room.getId())
.name(room.getName())
.build();
}
}
请告诉我是否需要添加其他详细信息。我非常需要帮助,我无法理解我做错了什么。

尝试将configureGlobalSecurity方法和enum“Roles”中的角色“ADMIN”“USER”更改为“role\u ADMIN”“role\u USER”,但在configure方法中不要更改。

尝试将configureGlobalSecurity方法和enum中的角色“ADMIN”“USER”更改为“role\u ADMIN”“role\u USER”“角色”,但在configure方法中不更改。

找到答案后,我们应该在tomcat embedded config中手动添加spring security的过滤器,如下所示:

FilterDef filterDef = new FilterDef();
        filterDef.setFilterName("springSecurityFilterChain");
        filterDef.setFilterClass("org.springframework.web.filter.DelegatingFilterProxy");
        container.addFilterDef(filterDef);

        FilterMap filterMapping = new FilterMap();
        filterMapping.setFilterName("springSecurityFilterChain");
        filterMapping.addURLPattern("/*");
        container.addFilterMap(filterMapping);
找到答案后,我们应该在tomcat embedded config中手动添加spring安全过滤器,如下所示:

FilterDef filterDef = new FilterDef();
        filterDef.setFilterName("springSecurityFilterChain");
        filterDef.setFilterClass("org.springframework.web.filter.DelegatingFilterProxy");
        container.addFilterDef(filterDef);

        FilterMap filterMapping = new FilterMap();
        filterMapping.setFilterName("springSecurityFilterChain");
        filterMapping.addURLPattern("/*");
        container.addFilterMap(filterMapping);
@KimAragonEscobar是的,我尝试过
“/**”
和许多其他方法,但仍然不起作用。我将
@Secured({“ROLE\u ADMIN”})
(我也尝试过
@Secured(“ADMIN”)
)添加到控制器方法,并添加
@EnableGlobalMethodSecurity(securedEnabled=true)
到SecurityConfiguration类,但现在我有一个异常
security.authentication.AuthenticationCredentialsNotFoundException:在SecurityContext中找不到身份验证对象(@KimAragonEscobar是的,我尝试了
“/**”
和许多其他方法,但仍然无法工作添加
@securied({“ROLE\u ADMIN”)
(我也尝试了
@Secured(“ADMIN”)
)到控制器方法,并添加了
@EnableGlobalMethodSecurity(securedEnabled=true)
到SecurityConfiguration类,但现在我有一个异常
security.authentication.AuthenticationCredentialsNotFoundException:在SecurityContext中找不到身份验证对象
;(在
配置全局安全方法
中,我们不能使用前缀为
ROLE\u
的角色。我尝试过,但遇到了异常:`ROLE\u ADMIN不能以ROLE\u开头(它是自动添加的)在
配置全局安全方法
中,我们可能无法使用前缀为
ROLE\u
的角色。我尝试过,但遇到了异常:`ROLE\u ADMIN不能以ROLE\u开头(它是自动添加的)