spring安全性根本不起作用_Spring_Spring Boot_Spring Security_Kotlin

spring安全性根本不起作用

spring spring-boot spring-security kotlin

spring安全性根本不起作用,spring,spring-boot,spring-security,kotlin,Spring,Spring Boot,Spring Security,Kotlin,我有以下配置： @Configuration @EnableWebSecurity class SignInSecurityConfig( val authenticationEntryPoint: AppAuthenticationEntryPoint ) : WebSecurityConfigurerAdapter() { override fun configure(http: HttpSecurity) { http.cors().and().c

我有以下配置：

@Configuration
@EnableWebSecurity
class SignInSecurityConfig(
        val authenticationEntryPoint: AppAuthenticationEntryPoint
) : WebSecurityConfigurerAdapter() {

    override fun configure(http: HttpSecurity) {
        http.cors().and().csrf().disable()
                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/sign_in", "/users/sign_up").permitAll()
                .anyRequest().authenticated()

        http.addFilterBefore(JwtAuthorizationFilter(), UsernamePasswordAuthenticationFilter::class.java)
    }
}

目前，

JwtAuthorizationFilter

只是记录一些信息并调用

chain.doFilter

现在，一些有趣的事情正在发生：

1）当我调用

/users/sign\u up

时，会触发注册过程，尝试注册用户，如果成功，则返回

，如果失败，则返回

，而不是

（在我的情况下，我想返回500）

2）当我调用

/sign_in

时，我只得到

，没有错误，没有日志，什么都没有

3）

JwtAuthorizationFilter

，尽管它在过滤器列表中，但从未被调用

4）过滤器链看起来很奇怪：

2018-05-21 14:58:22.318  INFO 2339 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: Ant [pattern='/users/sign_up'], []
2018-05-21 14:58:22.484  INFO 2339 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@46b2cadf, org.springframework.security.web.context.SecurityContextPersistenceFilter@e41e9a9, org.springframework.security.web.header.HeaderWriterFilter@733dea73, org.springframework.security.web.csrf.CsrfFilter@59140203, org.springframework.security.web.authentication.logout.LogoutFilter@6e8e5936, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@52fb6fa5, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@497c75f3, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@10a4663e, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2cfbcfd6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5aa01db1, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@fe39081, org.springframework.security.web.session.SessionManagementFilter@47da14ce, org.springframework.security.web.access.ExceptionTranslationFilter@376d0f3a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@797b0e0c]

知道为什么会这样吗

我正在使用SpringBoot2.0.2和默认依赖项版本

.antMatchers(HttpMethod.GET,"/sign_in").permitAll().and()
.antMatchers(HttpMethod.GET, "/users/sign_up").permitAll().and()
.anyRequest().authenticated()

入口点一定出了什么问题。