Spring boot 禁用基本身份验证导致Spring boot应用程序中出现403拒绝访问错误
我有一个springboot2应用程序,它没有强制执行基本身份验证,但对其他端点有限制。 即使使用有效的用户角色,当从jenkins为调用时,我也会看到403错误 Http POSThttp://xxxx:8085/myapp/actuator/shutdownSpring boot 禁用基本身份验证导致Spring boot应用程序中出现403拒绝访问错误,spring-boot,spring-security,Spring Boot,Spring Security,我有一个springboot2应用程序,它没有强制执行基本身份验证,但对其他端点有限制。 即使使用有效的用户角色,当从jenkins为调用时,我也会看到403错误 Http POSThttp://xxxx:8085/myapp/actuator/shutdown Response to shutdown request was {"timestamp":1602006760226,"status":403,"error":"
Response to shutdown request was
{"timestamp":1602006760226,"status":403,"error":"Forbidden","message":"Access
Denied","path":"/myapp/actuator/shutdown"}
当我尝试使用有效的用户ID/角色通过rest客户机时,这一点就起作用了
这是我的WebSecurity配置文件
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSEALSecurityConfig
{
@Value("${ldap.server.admin.group}")
private String SERVER_ADMIN_GROUP;
@Value("${myapp.user.group}")
private String APP_USER;
@Autowired
private CustomAccessDeniedHandler accessDeniedHandler;
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception
{
httpSecurity
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers("/actuator/health").permitAll()
.antMatchers("/actuator/**").hasRole(SERVER_ADMIN_GROUP)
.antMatchers("/customer/deleteUser").hasRole(APP_USER)
.and().addFilterBefore(getWinAuthenticationSelectionFilter(), BasicAuthenticationFilter.class)
.httpBasic()
.and().csrf().disable()
.httpBasic().disable()
.exceptionHandling().accessDeniedHandler(accessDeniedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
我有一个AccessDeniedHandler类,可以在用户点击这些受限URL时捕获403个错误
我能知道我做错了什么吗?提前感谢嗯,403错误代码表示权限不足 您确定这些实例变量已正确初始化吗
@Value("${ldap.server.admin.group}")
private String SERVER_ADMIN_GROUP;
@Value("${myapp.user.group}")
private String APP_USER;
对于url:http://xxxx:8085/myapp/actuator/shutdown,以下规则将生效:。antMatchers(“/actuator/**”)。hasRole(服务器管理组)
因此,如果服务器管理组未正确初始化,您将面临问题