Spring mvc 弹簧安全钳不工作
Spring security antMatcher未按预期工作 我正在用kotlin运行Spring启动应用程序 当我试图访问Spring mvc 弹簧安全钳不工作,spring-mvc,kotlin,spring-security,Spring Mvc,Kotlin,Spring Security,Spring security antMatcher未按预期工作 我正在用kotlin运行Spring启动应用程序 当我试图访问 /service status/v1/task/status 我已经在AntMatcherPermit的下面代码中添加了这个url 这给了我未经授权的错误 @Configuration @EnableWebSecurity class SecurityConfig(val authenticationEntryPoint: AuthenticationEntryPoi
/service status/v1/task/status
我已经在AntMatcherPermit的下面代码中添加了这个url
这给了我未经授权的错误
@Configuration
@EnableWebSecurity
class SecurityConfig(val authenticationEntryPoint: AuthenticationEntryPoint) : WebSecurityConfigurerAdapter() {
@Autowired
@Throws(Exception::class)
fun configureGlobal(auth: AuthenticationManagerBuilder) {
auth.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("pass"))
.authorities("ROLE_USER")
}
@Throws(Exception::class)
override fun configure(http: HttpSecurity?) {
http?.csrf()?.disable()
?.authorizeRequests()
?.antMatchers(
"/",
"/service-status/v1/task/status",
"/*.html",
"/*.js",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.png",
"/webjars/**",
"/configuration/**",
"/v2/**",
"/swagger-resources/**",
"/**/*.js")?.permitAll()
?.anyRequest()?.authenticated()
?.and()
?.httpBasic()
?.authenticationEntryPoint(authenticationEntryPoint)
}
@Bean
fun passwordEncoder(): PasswordEncoder {
return BCryptPasswordEncoder()
}
}
获取错误如下所示
{
"timestamp": "2019-05-09T08:37:25.976+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/service-status/v1/task/status"
}
身份验证入口点
@Component
class AuthenticationEntryPoint : BasicAuthenticationEntryPoint(){
override fun commence(request: HttpServletRequest?, response: HttpServletResponse?, authException: AuthenticationException?) {
response?.addHeader("WWW-Authenticate", "Basic realm=$realmName")
response?.status = HttpServletResponse.SC_UNAUTHORIZED
response?.writer?.println("HTTP Status 401 - " + authException?.message)
}
override fun afterPropertiesSet() {
realmName = "service-status"
super.afterPropertiesSet()
}
}
如何解决这个问题?我已经添加了下面两行,现在它可以工作了
.antMatchers("/service-status/v1/task/status").permitAll()
.antMatchers("/service-status/v1/task/status/**").permitAll()
完整形式
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers(
HttpMethod.GET,
"/",
"/csrf",
"/service-status/v1/task/status",
"/swagger-ui.html",
"/*.html",
"/*.js",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.png",
"/webjars/**",
"/configuration/**",
"/v2/**",
"/swagger-resources/**",
"/**/*.js"
).permitAll()
.antMatchers("/api/v1/auth/**").permitAll()
.antMatchers("/service-status/v1/task/status").permitAll()
.antMatchers("/service-status/v1/task/status/**").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
http.headers().cacheControl();
}
您是否在请求中发送了HTTP
Authentication
头?您使用Spring Boot吗?在我看来,调用的顺序很重要,也许您可以反转antMatcher(“”.permitAll和anyRequest().authenticated()。您可以将HttpSecurity参数设置为不可为null。我使用的是spring boot,我不发送任何头文件