Jquery Spring启动时的Spring Security基本身份验证筛选器问题
我们正在使用Jersey和基本身份验证Spring Security开发Spring引导应用程序 SecurityConfiguration.javaJquery Spring启动时的Spring Security基本身份验证筛选器问题,jquery,spring,spring-security,spring-boot,jersey,Jquery,Spring,Spring Security,Spring Boot,Jersey,我们正在使用Jersey和基本身份验证Spring Security开发Spring引导应用程序 SecurityConfiguration.java @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter{ @Value("${spring.datasource.drive
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Value("${spring.datasource.driverClassName}")
private String driverClassName;
@Value("${spring.datasource.url}")
private String dataSourceUrl;
@Value("${spring.datasource.username}")
private String username;
@Value("${spring.datasource.password}")
private String password;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
DriverManagerDataSource driverManagerDataSource = new DriverManagerDataSource();
driverManagerDataSource.setDriverClassName(driverClassName);
driverManagerDataSource.setUrl(dataSourceUrl);
driverManagerDataSource.setUsername(username);
driverManagerDataSource.setPassword(password);
auth.jdbcAuthentication().dataSource(driverManagerDataSource).usersByUsernameQuery(
"select username,password, user_status from users where username=?")
.authoritiesByUsernameQuery(
"select user.username,ur.role from users user inner join user_roles ur on user.role=ur.role_id and user.username=?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/api/v1/**").hasRole("SUPERADMIN")
.antMatchers(HttpMethod.OPTIONS,"/api/v1/**").hasRole("SUPERADMIN")
.antMatchers("/api/v1/admin/**").hasAnyRole("SUPERADMIN","ADMIN")
.antMatchers(HttpMethod.OPTIONS,"/api/v1/admin/**").hasAnyRole("SUPERADMIN","ADMIN")
.antMatchers("/api/user/**").hasAnyRole("USER","SUPERADMIN","ADMIN")
.antMatchers(HttpMethod.OPTIONS,"/api/user/**").hasAnyRole("USER","SUPERADMIN","ADMIN")
.antMatchers(HttpMethod.POST, "/api/v1/login").permitAll()
.and().httpBasic();
}
}
@Component
@Order(1)
public class SimpleCORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
if(request.getMethod().equalsIgnoreCase("options") && response != null){
System.out.println("in options");
response.setStatus(200);
}
if(request.getHeader("Origin")!= null){
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
}
else {
response.setHeader("Access-Control-Allow-Origin", "http://localhost");
}
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
这是401未授权错误,我们正在尝试Jquery/Ajax调用,因此请检查此问题,并让我知道如何使用Spring Security解决筛选器问题。首先,您的url模式是错误的。添加它们的顺序也是参考它们的顺序。因此,任何以
/api/v1SUPERADMIN/api/v1/.antMatchers(HttpMethod.OPTIONS,“/api/v1/**”).pemitAll()/api/v1/admin/**/api/v1/**/api/v1SUPERADMIN/api/v1/.antMatchers(HttpMethod.OPTIONS,“/api/v1/**”).pemitAll()/api/v1/admin/**/api/v1/**