spring安全性根本不起作用
我有以下配置:spring安全性根本不起作用,spring,spring-boot,spring-security,kotlin,Spring,Spring Boot,Spring Security,Kotlin,我有以下配置: @Configuration @EnableWebSecurity class SignInSecurityConfig( val authenticationEntryPoint: AppAuthenticationEntryPoint ) : WebSecurityConfigurerAdapter() { override fun configure(http: HttpSecurity) { http.cors().and().c
@Configuration
@EnableWebSecurity
class SignInSecurityConfig(
val authenticationEntryPoint: AppAuthenticationEntryPoint
) : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/sign_in", "/users/sign_up").permitAll()
.anyRequest().authenticated()
http.addFilterBefore(JwtAuthorizationFilter(), UsernamePasswordAuthenticationFilter::class.java)
}
}
目前,JwtAuthorizationFilter
只是记录一些信息并调用chain.doFilter
现在,一些有趣的事情正在发生:
1) 当我调用/users/sign\u up
时,会触发注册过程,尝试注册用户,如果成功,则返回201
,如果失败,则返回401
,而不是500
(在我的情况下,我想返回500)
2) 当我调用/sign_in
时,我只得到401
,没有错误,没有日志,什么都没有
3) JwtAuthorizationFilter
,尽管它在过滤器列表中,但从未被调用
4) 过滤器链看起来很奇怪:
2018-05-21 14:58:22.318 INFO 2339 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/users/sign_up'], []
2018-05-21 14:58:22.484 INFO 2339 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@46b2cadf, org.springframework.security.web.context.SecurityContextPersistenceFilter@e41e9a9, org.springframework.security.web.header.HeaderWriterFilter@733dea73, org.springframework.security.web.csrf.CsrfFilter@59140203, org.springframework.security.web.authentication.logout.LogoutFilter@6e8e5936, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@52fb6fa5, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@497c75f3, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@10a4663e, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2cfbcfd6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5aa01db1, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@fe39081, org.springframework.security.web.session.SessionManagementFilter@47da14ce, org.springframework.security.web.access.ExceptionTranslationFilter@376d0f3a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@797b0e0c]
知道为什么会这样吗
我正在使用SpringBoot2.0.2和默认依赖项版本
.antMatchers(HttpMethod.GET,"/sign_in").permitAll().and()
.antMatchers(HttpMethod.GET, "/users/sign_up").permitAll().and()
.anyRequest().authenticated()
入口点一定出了什么问题。