Spring boot 为什么我的web服务在使用.hasIpAddress()时禁止我的连接?
Defintieyl已经在stackex中搜索过了。hasIpAddress的问题似乎是独一无二的 我相信我了解我的需求到我的服务器的路线 用户->Zuul->我的web服务Spring boot 为什么我的web服务在使用.hasIpAddress()时禁止我的连接?,spring-boot,spring-security,Spring Boot,Spring Security,Defintieyl已经在stackex中搜索过了。hasIpAddress的问题似乎是独一无二的 我相信我了解我的需求到我的服务器的路线 用户->Zuul->我的web服务 http.authorizeRequests().antMatchers("/**").permitAll(); 在我的Web服务中,允许我从本地主机和系统的IP发送请求和接收响应 http.authorizeRequests().antMatchers("/**").hasIpAddress(10.10.1.24);
http.authorizeRequests().antMatchers("/**").permitAll();
http.authorizeRequests().antMatchers("/**").hasIpAddress(10.10.1.24);
2019-10-23 11:58:46.608 INFO 7468 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@27040a7b, org.springframework.security.web.context.SecurityContextPersistenceFilter@6d6a2d29, org.springframework.security.web.header.HeaderWriterFilter@3485fdae, org.springframework.security.web.authentication.logout.LogoutFilter@198a3831, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2c7fb62d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@20043371, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@ad82f08, org.springframework.security.web.session.SessionManagementFilter@2285c828, org.springframework.security.web.access.ExceptionTranslationFilter@6511c7f9, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7e27dfef]
2019-10-23 11:58:46.618 WARN 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
2019-10-23 11:58:46.618 INFO 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2019-10-23 11:58:46.621 WARN 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
2019-10-23 11:58:46.621 INFO 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2019-10-23 11:58:46.731 INFO 7468 --- [ restartedMain] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2019-10-23 11:58:47.264 WARN 7468 --- [ restartedMain] ockingLoadBalancerClientRibbonWarnLogger : You already have RibbonLoadBalancerClient on your classpath. It will be used by default. As Spring Cloud Ribbon is in maintenance mode. We recommend switching to BlockingLoadBalancerClient instead. In order to use it, set the value of `spring.cloud.loadbalancer.ribbon.enabled` to `false` or remove spring-cloud-starter-netflix-ribbon from your project.
2019-10-23 11:58:47.365 INFO 7468 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 54293 (http) with context path ''
2019-10-23 11:58:47.366 INFO 7468 --- [ restartedMain] .s.c.n.e.s.EurekaAutoServiceRegistration : Updating port to 54293
2019-10-23 11:58:47.370 INFO 7468 --- [ restartedMain] o.s.c.n.eureka.InstanceInfoFactory : Setting initial instance status as: STARTING
2019-10-23 11:58:47.392 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Initializing Eureka in region us-east-1
2019-10-23 11:58:47.491 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using JSON encoding codec LegacyJacksonJson
2019-10-23 11:58:47.492 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using JSON decoding codec LegacyJacksonJson
2019-10-23 11:58:47.570 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using XML encoding codec XStreamXml
2019-10-23 11:58:47.571 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using XML decoding codec XStreamXml
2019-10-23 11:58:47.690 INFO 7468 --- [ restartedMain] c.n.d.s.r.aws.ConfigClusterResolver : Resolving eureka endpoints via configuration
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Disable delta property : false
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Single vip registry refresh property : null
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Force full registry fetch : false
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Application is null : false
2019-10-23 11:58:47.815 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Registered Applications size is zero : true
2019-10-23 11:58:47.815 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Application version is -1: true
2019-10-23 11:58:47.815 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Getting all instance registry info from the eureka server
2019-10-23 11:58:47.890 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : The response status is 200
2019-10-23 11:58:47.892 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Starting heartbeat executor: renew interval is: 30
2019-10-23 11:58:47.894 INFO 7468 --- [ restartedMain] c.n.discovery.InstanceInfoReplicator : InstanceInfoReplicator onDemand update allowed rate per min is 4
2019-10-23 11:58:47.897 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Discovery Client initialized at timestamp 1571842727896 with initial instances count: 0
2019-10-23 11:58:47.900 INFO 7468 --- [ restartedMain] o.s.c.n.e.s.EurekaServiceRegistry : Registering application USERS-WS with eureka with status UP
2019-10-23 11:58:47.900 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Saw local status change event StatusChangeEvent [timestamp=1571842727900, current=UP, previous=STARTING]
2019-10-23 11:58:47.902 INFO 7468 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_USERS-WS/users-ws:90ae4ec0932916bcd2b9155854f3a269: registering service...
2019-10-23 11:58:47.945 INFO 7468 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_USERS-WS/users-ws:90ae4ec0932916bcd2b9155854f3a269 - registration status: 204
2019-10-23 11:58:48.064 INFO 7468 --- [ restartedMain] c.p.p.a.u.PhotoAppApiUsersApplication : Started PhotoAppApiUsersApplication in 5.037 seconds (JVM running for 5.825)
2019-10-23 11:59:17.895 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Disable delta property : false
2019-10-23 11:59:17.895 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Single vip registry refresh property : null
2019-10-23 11:59:17.895 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Force full registry fetch : false
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Application is null : false
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Registered Applications size is zero : true
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Application version is -1: false
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Getting all instance registry info from the eureka server
2019-10-23 11:59:17.959 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : The response status is 200
下面是一个使用
spring boot 2.2.0的基本示例。使用spring boot starter security
和spring boot starter web
通过http://localhost:8080/ip
@SpringBoot应用程序
公共类SpringSecurityHasIpAddressApplication{
公共静态void main(字符串[]args){
run(SpringSecurityHasIpAddressApplication.class,args);
}
}
@RestController
类Hello控制器{
@GetMapping(“/hello”)
公共字符串hello(){
返回“你好,世界!”;
}
@GetMapping(“/ip”)
公共字符串ip(HttpServletRequest请求){
返回请求。getRemoteAddr();
}
@GetMapping(“/secure”)
公共字符串安全(主体,HttpServletRequest){
返回principal.getName()+”和“+request.getRemoteAddr()”;
}
}
@配置
类SecurityConfig扩展了WebSecurity配置适配器{
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
http
.批准请求(
授权请求->
批准请求
.antMatchers(“/hello”).permitAll()
.antMatchers(“/secure”).authenticated()
.antMatchers(“/ip”).hasIpAddress(“0:0:0:0:0:0:0:1”)//localhost
.anyRequest().authenticated()
)
.formLogin();
}
}
您可以访问/secure
路径,然后可以看到您实际使用的IP地址
0:0:0:0:0:0:0:1
是我的本地主机地址,因此我可以在无需身份验证的情况下访问/ip
通过设置org.springframework.security的日志级别也会非常有用
应用程序属性
然后,您可以在日志中看到如下内容:
2019-10-30 19:14:01.039调试3692---[nio-8080-exec-6]o.s.s.w.a.i.FilterSecurityInterceptor:以前经过身份验证的:org.springframework.security.authentication。AnonymousAuthenticationToken@536ff536:委托人:匿名用户;凭据:[受保护];认证:正确;详细信息:org.springframework.security.web.authentication。WebAuthenticationDetails@166c8:远程IP地址:0:0:0:0:0:0:0:0:1SessionId:760234358C34E2576CD0D3E20EDCBEE;授予的权限:角色\u匿名
2019-10-30 19:14:01.040调试3692---[nio-8080-exec-6]o.s.s.access.vote.AffirmativeBased:投票者:org.springframework.security.web.access.expression。WebExpressionVoter@7527e914,返回:-1
2019-10-30 19:14:01.041调试3692---[nio-8080-exec-6]o.s.s.w.a.例外TranslationFilter:访问被拒绝(用户是匿名的);重定向到身份验证入口点
如果您尝试通过http://127.0.0.1/ip
上述解决方案将失败
然后你可以用
。。。
.antMatchers(“/ip”).hasIpAddress(“127.0.0.1/32”)
...
如果您想使用一系列允许的IP地址,那么您可以使用
。。。
.antMatchers(“/access”)//多个IP匹配
.access(“hasIpAddress('192.168.0.1/16')或hasIpAddress('127.0.0.1/32'))
...
这里是一个使用spring boot 2.2.0的工作基本示例。使用spring boot starter security和spring boot starter web发布
通过http://localhost:8080/ip
@SpringBoot应用程序
公共类SpringSecurityHasIpAddressApplication{
公共静态void main(字符串[]args){
run(SpringSecurityHasIpAddressApplication.class,args);
}
}
@RestController
类Hello控制器{
@GetMapping(“/hello”)
公共字符串hello(){
返回“你好,世界!”;
}
@GetMapping(“/ip”)
公共字符串ip(HttpServletRequest请求){
返回请求。getRemoteAddr();
}
@GetMapping(“/secure”)
公共字符串安全(主体,HttpServletRequest){
返回principal.getName()+”和“+request.getRemoteAddr()”;
}
}
@配置
类SecurityConfig扩展了WebSecurity配置适配器{
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
http
.批准请求(
授权请求->
批准请求
.antMatchers(“/hello”).permitAll()
.antMatchers(“/secure”).authenticated()
.antMatchers(“/ip”).hasIpAddress(“0:0:0:0:0:0:0:1”)//localhost
.anyRequest().authenticated()
)
.formLogin();
}
}
您可以访问/secure
路径,然后可以看到您实际使用的IP地址
0:0:0:0:0:0:0:1
是我的本地主机地址,因此我可以在无需身份验证的情况下访问/ip
通过设置org.springframework.security的日志级别也会非常有用
应用程序属性
然后,您可以在日志中看到如下内容:
2019-10-30 19:14:01.039调试3692---[nio-80
2019-10-23 11:58:46.608 INFO 7468 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@27040a7b, org.springframework.security.web.context.SecurityContextPersistenceFilter@6d6a2d29, org.springframework.security.web.header.HeaderWriterFilter@3485fdae, org.springframework.security.web.authentication.logout.LogoutFilter@198a3831, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2c7fb62d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@20043371, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@ad82f08, org.springframework.security.web.session.SessionManagementFilter@2285c828, org.springframework.security.web.access.ExceptionTranslationFilter@6511c7f9, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7e27dfef]
2019-10-23 11:58:46.618 WARN 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
2019-10-23 11:58:46.618 INFO 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2019-10-23 11:58:46.621 WARN 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
2019-10-23 11:58:46.621 INFO 7468 --- [ restartedMain] c.n.c.sources.URLConfigurationSource : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2019-10-23 11:58:46.731 INFO 7468 --- [ restartedMain] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2019-10-23 11:58:47.264 WARN 7468 --- [ restartedMain] ockingLoadBalancerClientRibbonWarnLogger : You already have RibbonLoadBalancerClient on your classpath. It will be used by default. As Spring Cloud Ribbon is in maintenance mode. We recommend switching to BlockingLoadBalancerClient instead. In order to use it, set the value of `spring.cloud.loadbalancer.ribbon.enabled` to `false` or remove spring-cloud-starter-netflix-ribbon from your project.
2019-10-23 11:58:47.365 INFO 7468 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 54293 (http) with context path ''
2019-10-23 11:58:47.366 INFO 7468 --- [ restartedMain] .s.c.n.e.s.EurekaAutoServiceRegistration : Updating port to 54293
2019-10-23 11:58:47.370 INFO 7468 --- [ restartedMain] o.s.c.n.eureka.InstanceInfoFactory : Setting initial instance status as: STARTING
2019-10-23 11:58:47.392 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Initializing Eureka in region us-east-1
2019-10-23 11:58:47.491 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using JSON encoding codec LegacyJacksonJson
2019-10-23 11:58:47.492 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using JSON decoding codec LegacyJacksonJson
2019-10-23 11:58:47.570 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using XML encoding codec XStreamXml
2019-10-23 11:58:47.571 INFO 7468 --- [ restartedMain] c.n.d.provider.DiscoveryJerseyProvider : Using XML decoding codec XStreamXml
2019-10-23 11:58:47.690 INFO 7468 --- [ restartedMain] c.n.d.s.r.aws.ConfigClusterResolver : Resolving eureka endpoints via configuration
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Disable delta property : false
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Single vip registry refresh property : null
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Force full registry fetch : false
2019-10-23 11:58:47.814 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Application is null : false
2019-10-23 11:58:47.815 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Registered Applications size is zero : true
2019-10-23 11:58:47.815 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Application version is -1: true
2019-10-23 11:58:47.815 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Getting all instance registry info from the eureka server
2019-10-23 11:58:47.890 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : The response status is 200
2019-10-23 11:58:47.892 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Starting heartbeat executor: renew interval is: 30
2019-10-23 11:58:47.894 INFO 7468 --- [ restartedMain] c.n.discovery.InstanceInfoReplicator : InstanceInfoReplicator onDemand update allowed rate per min is 4
2019-10-23 11:58:47.897 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Discovery Client initialized at timestamp 1571842727896 with initial instances count: 0
2019-10-23 11:58:47.900 INFO 7468 --- [ restartedMain] o.s.c.n.e.s.EurekaServiceRegistry : Registering application USERS-WS with eureka with status UP
2019-10-23 11:58:47.900 INFO 7468 --- [ restartedMain] com.netflix.discovery.DiscoveryClient : Saw local status change event StatusChangeEvent [timestamp=1571842727900, current=UP, previous=STARTING]
2019-10-23 11:58:47.902 INFO 7468 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_USERS-WS/users-ws:90ae4ec0932916bcd2b9155854f3a269: registering service...
2019-10-23 11:58:47.945 INFO 7468 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_USERS-WS/users-ws:90ae4ec0932916bcd2b9155854f3a269 - registration status: 204
2019-10-23 11:58:48.064 INFO 7468 --- [ restartedMain] c.p.p.a.u.PhotoAppApiUsersApplication : Started PhotoAppApiUsersApplication in 5.037 seconds (JVM running for 5.825)
2019-10-23 11:59:17.895 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Disable delta property : false
2019-10-23 11:59:17.895 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Single vip registry refresh property : null
2019-10-23 11:59:17.895 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Force full registry fetch : false
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Application is null : false
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Registered Applications size is zero : true
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Application version is -1: false
2019-10-23 11:59:17.896 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : Getting all instance registry info from the eureka server
2019-10-23 11:59:17.959 INFO 7468 --- [freshExecutor-0] com.netflix.discovery.DiscoveryClient : The response status is 200
logging.level.org.springframework.security=debug