Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/git/25.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring mvc spring security webSecurity.ignoring()_Spring Mvc_Spring Security_Spring Rest - Fatal编程技术网
Fatal编程技术网
  • spring-mvc/
  • Spring mvc spring security webSecurity.ignoring()

Spring mvc spring security webSecurity.ignoring()

spring-mvc spring-security

Spring mvc spring security webSecurity.ignoring(),spring-mvc,spring-security,spring-rest,Spring Mvc,Spring Security,Spring Rest,我通过SpringBoot使用SpringSecurity。 我有两种休息服务 public/**-->每个人都可以访问和使用这些服务 secure/**-->只有经过身份验证的用户才能使用 @Slf4j @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurit

我通过SpringBoot使用SpringSecurity。 我有两种休息服务

public/**-->每个人都可以访问和使用这些服务

secure/**-->只有经过身份验证的用户才能使用

@Slf4j
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
public void configure(WebSecurity webSecurity) throws Exception {
    webSecurity.ignoring().antMatchers("/public/**");
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.addFilterBefore(requestHeaderAuthenticationFilter(authenticationManager()),
            BasicAuthenticationFilter.class)
            .authorizeRequests().antMatchers("/secure/**").fullyAuthenticated();
}

@Bean
public RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter(
        final AuthenticationManager authenticationManager) {

    RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManager);
    filter.setExceptionIfHeaderMissing(true);
    filter.setPrincipalRequestHeader("MY_HEADER");
    filter.setInvalidateSessionOnPrincipalChange(true);
    filter.setCheckForPrincipalChanges(false);
    filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
    return filter;
}
当我想访问public下的资源时,我得到了一个异常

异常:“org.springframework.security.web.authentication.PreAuthenticatedCredentialsNotFoundException”

消息:“在请求中找不到MY_标头。”

为什么我的过滤器在配置为忽略资源时在公共资源下激活

感谢是高级的

这是
WebSecurity.ignoreing()
中的一个问题,在使用bean作为过滤器时讨论了这个问题

您可以通过删除过滤器声明中的
@Bean
注释来解决这个问题

// @Bean - Remove or Comment this
public RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter(
        final AuthenticationManager authenticationManager) {

    RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManager);
    filter.setExceptionIfHeaderMissing(true);
    filter.setPrincipalRequestHeader("MY_HEADER");
    filter.setInvalidateSessionOnPrincipalChange(true);
    filter.setCheckForPrincipalChanges(false);
    filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
    return filter;
}
你能找到答案吗?