Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/linq/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring引导安全(Web+;Rest)Web/未经授权登录_Spring_Spring Security_Jwt Auth - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring引导安全(Web+;Rest)Web/未经授权登录

Spring引导安全(Web+;Rest)Web/未经授权登录

spring spring-security

Spring引导安全(Web+;Rest)Web/未经授权登录,spring,spring-security,jwt-auth,Spring,Spring Security,Jwt Auth,我想使用多个HttpSecurity为RESTAPI和web应用程序进行安全配置。 JWT安全性在RESTAPI中运行良好。问题在于我的web应用程序。请求时有一个“未经授权的401”/login。我认为每个请求都被重定向到restApiWebSecurityConfigurationAdapter(@Order(1))。这是我的安全配置文件。请帮忙 package com.smartuniv.security; import org.springframework.beans.factory

我想使用多个
HttpSecurity
为RESTAPI和web应用程序进行安全配置。 JWT安全性在RESTAPI中运行良好。问题在于我的web应用程序。请求时有一个“未经授权的401”
/login
。我认为每个请求都被重定向到rest
ApiWebSecurityConfigurationAdapter
@Order(1)
)。这是我的安全配置文件。请帮忙

package com.smartuniv.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

@Autowired
private CustomUserDetailsService customUserDetailsService;

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    //auth.inMemoryAuthentication().withUser("admin").password("{noop}admin").roles("ADMIN");
    auth.userDetailsService(customUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}

/**
 * config from: https://bezkoder.com/spring-boot-jwt-authentication/
 * @author islaib
 *
 */

@Configuration  
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }
    @Autowired
    private AuthExceptionHandler unauthorizedHandler;
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .cors().and().csrf().disable()
        .antMatcher("/api/**").authorizeRequests().anyRequest().permitAll().and()
        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}

@Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        
        http            
            .authorizeRequests()
                .antMatchers("/utilisateurs/**").hasRole("ADMIN")
                .anyRequest()
                    .authenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                    .permitAll()
            .and()
            .logout()
                .permitAll()
            .and()
                .csrf()
                    .disable();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        //Ne pas sécuriser les ressources web statiques (css, js, img, webfonts/icones)
        web
            .ignoring()
                .antMatchers("/static/**", "/css/**", "/js/**", "/img/**", "/webfonts/**", "ckeditor", "/error");
    }
}
}
您的spring安全调试日志告诉您什么?