Spring Boot Security(Web + REST):Web 端 /login 返回未经授权
标签:spring, spring-security, jwt-auth

我想使用多个 `HttpSecurity` 为 REST API 和 Web 应用程序分别进行安全配置。
JWT 安全配置在 REST API 中运行良好,问题出在我的 Web 应用程序上:请求 `/login` 时会返回“401 未经授权”。我认为每个请求都被重定向到了 `restApiWebSecurityConfigurationAdapter`(`@Order(1)`)。下面是我的安全配置文件,请帮忙看看。
package com.smartuniv.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
@Autowired
private CustomUserDetailsService customUserDetailsService;
/**
 * Exposes the password hasher as a Spring bean.
 *
 * @return a {@code BCryptPasswordEncoder} created with its no-argument constructor
 */
@Bean
public PasswordEncoder passwordEncoder() {
    final PasswordEncoder bcryptEncoder = new BCryptPasswordEncoder();
    return bcryptEncoder;
}
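/**
 * Registers the application's user lookup service and password hasher on the
 * authentication manager builder.
 *
 * <p>{@code @Autowired} is needed for the container to call this method: it overrides
 * nothing visible in this listing, so without the annotation the registration below
 * would not run.
 * NOTE(review): the enclosing class header is outside this listing; confirm that no
 * superclass already invokes this method.
 *
 * @param auth builder that receives the user details service and the encoder
 * @throws Exception propagated from the builder
 */
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    // Left disabled: the in-memory account below uses {noop}, i.e. an unhashed password.
    //auth.inMemoryAuthentication().withUser("admin").password("{noop}admin").roles("ADMIN");
    // Reuse passwordEncoder() so hashing and verification share one encoder definition.
    auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
}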
/**
 * Security filter chain for the REST API under {@code /api/**}.
 * {@code @Order(1)} places it ahead of the unordered form-login adapter.
 * Config from: https://bezkoder.com/spring-boot-jwt-authentication/
 *
 * @author islaib
 */
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    /** Entry point invoked when this chain has to answer an unauthenticated request. */
    @Autowired
    private AuthExceptionHandler unauthorizedHandler;

    /**
     * Publishes this adapter's authentication manager as a bean.
     *
     * @return the manager built by the parent adapter
     * @throws Exception propagated from the parent adapter
     */
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        final AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Creates the JWT filter that {@link #configure(HttpSecurity)} adds to this chain.
     *
     * <p>NOTE(review): Spring Boot registers {@code Filter} beans with the servlet container
     * on its own, so this filter may also run for requests outside {@code /api/**}, including
     * the web login. Confirm, and switch off the automatic registration if that is unintended.
     *
     * @return a new {@code AuthTokenFilter}
     */
    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        final AuthTokenFilter jwtFilter = new AuthTokenFilter();
        return jwtFilter;
    }

    /**
     * Configures the stateless API chain.
     *
     * @param http builder for this chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors();
        // CSRF protection is off for this chain, which creates no session.
        // NOTE(review): presumably the token travels in a header, not a cookie - confirm.
        http.csrf().disable();
        // Scopes the whole chain to /api/**; other paths fall through to the next adapter.
        http.antMatcher("/api/**");
        // NOTE(review): every /api/** request is permitted at the URL level, so the JWT filter
        // only populates the security context. Unless endpoints carry method-level checks not
        // shown here, nothing in this chain rejects an unauthenticated call - confirm that
        // permitAll() is intended rather than authenticated() plus explicit public paths.
        http.authorizeRequests().anyRequest().permitAll();
        http.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}
/**
 * Security filter chain for the browser-facing pages: form login at {@code /login},
 * an ADMIN-only area under {@code /utilisateurs/**}, and authentication required elsewhere.
 * It declares no {@code @Order}, so the API adapter marked {@code @Order(1)} precedes it.
 */
@Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    /**
     * Configures URL authorization, form login and logout for the web application.
     *
     * @param http builder for this chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Rules are evaluated in declaration order, so the ADMIN rule stays ahead of anyRequest().
        http.authorizeRequests()
                .antMatchers("/utilisateurs/**").hasRole("ADMIN")
                .anyRequest().authenticated();
        http.formLogin().loginPage("/login").permitAll();
        http.logout().permitAll();
        // NOTE(review): CSRF protection is switched off on a form-login flow, which is
        // presumably session/cookie based. State-changing requests, logout included, are then
        // not token-protected - confirm this is intended; the usual setup keeps CSRF enabled
        // and emits the token in each form.
        http.csrf().disable();
    }

    /**
     * Excludes static web resources from the security filters.
     *
     * @param web builder for requests that skip the filter chains
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Do not secure static web resources (css, js, img, webfonts/icons).
        // Ignored paths skip the security filters entirely.
        // NOTE(review): "ckeditor" has no leading slash or wildcard, unlike its neighbours, so
        // it likely matches no request; presumably "/ckeditor/**" was meant - confirm, and
        // check that the directory holds static files only.
        final String[] unsecuredPatterns = {
            "/static/**", "/css/**", "/js/**", "/img/**", "/webfonts/**", "ckeditor", "/error"
        };
        web.ignoring().antMatchers(unsecuredPatterns);
    }
}
}
你的 Spring Security 调试日志显示了什么?