Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/kotlin/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Kotlin 使用@Preauthorize注释保护控制器不会';行不通_Kotlin_Spring Security - Fatal编程技术网
Fatal编程技术网
  • kotlin/
  • Kotlin 使用@Preauthorize注释保护控制器不会';行不通

Kotlin 使用@Preauthorize注释保护控制器不会';行不通

kotlin spring-security

Kotlin 使用@Preauthorize注释保护控制器不会';行不通,kotlin,spring-security,Kotlin,Spring Security,我正在尝试使用Spring安全性保护端点。但代码似乎不起作用。我不知道我会错在哪里 我的安全课 @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true,proxyTargetClass = true) open class WebSecurity : WebSecurityConfigurerAdapter() { @Throws(Exception::class) override fun con

我正在尝试使用Spring安全性保护端点。但代码似乎不起作用。我不知道我会错在哪里

我的安全课

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true,proxyTargetClass = true)
open class WebSecurity : WebSecurityConfigurerAdapter() {
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http.httpBasic()
                .and()
                .cors().and()
                .csrf().disable().authorizeRequests()
                .antMatchers("/authorize/users/*").permitAll()
                .anyRequest().authenticated().hasRole("MANAGER")
                .and()
                .formLogin()
    }

    @Bean
    public override fun userDetailsService(): UserDetailsService {

        //User Role
        val theUser = User.withUsername("sergey")
                .passwordEncoder { charSequence: String? -> PasswordEncoderFactories.createDelegatingPasswordEncoder().encode(charSequence) }
                .password("12345678").roles("USER").build()

        //Manager Role
        val theManager = User.withUsername("john")
                .password("87654321").roles("MANAGER").build()
        val userDetailsManager = InMemoryUserDetailsManager()
        userDetailsManager.createUser(theUser)
        userDetailsManager.createUser(theManager)
        return userDetailsManager
    }
}
控制器

 @RestController
    @RequestMapping("/authorize")
    open class AuthController {

   @PreAuthorize("hasRole('MANAGER')")
        @PostMapping("/users/add")
        fun createUsers(@RequestHeader("Authorization") token: String,
                             @RequestBody users: UserDTO) : ResponseEntity<Any> {
            lateinit var message: String
            try {
    
                val response = authService.insert(users, token)     
    
            }
            catch (exception: RuntimeException) {
                return ResponseEntity(exception.message, HttpStatus.INTERNAL_SERVER_ERROR)
            }
        }
    
        }

@RestController
@请求映射(“/authorize”)
开放类AuthController{
@预授权(“hasRole('MANAGER')”)
@后期映射(“/users/add”)
fun createUsers(@RequestHeader(“授权”)令牌:字符串,

@RequestBody用户:UserDTO):ResponseEntity与未识别或不存在的凭据关联

我认为问题在于:


val theManager=User.withUsername(“john”)
.password(“87654321”).roles(“MANAGER”).build()


如果没有编码前缀,Spring Security在执行密码比较时可能会出错

相反,你应该这样做


val theManager=User.withUsername(“john”)
.password(“{noop}87654321”).roles(“MANAGER”).build()


告诉Spring Security此密码未被删除

调试提示

如果这不能修复问题,请考虑将<>代码> ANDMatter(“/Orror”).PyMeMalor()/代码>添加到您的授权请求列表中,并可能将堆栈简化为:


.authorizeRequests()
.antMatchers(“/error”).permitAll()
.anyRequest().authenticated()


这不会修复它,但是打开
/error
端点可能会为您提供额外的调试信息