本文介绍了Spring Security AntMatcher无法正常工作的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这是我配置spring安全性的方法,在控制器中,我将ROLE_ANONYMOUS作为权限.看起来安全性不是在拦截请求并检查JWT.如何配置antmatcher ..
This is the way I have configured spring security, in controller I'm getting ROLE_ANONYMOUS as authority. Looks like security is not intercepting the request and checking for JWT.How to configure antmatcher..?
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter
{
@Override
public void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests()
.antMatchers("/actuator/**", "/api-docs/**").permitAll()
.antMatchers("/notes/**").hasAnyAuthority("USER").anyRequest().authenticated();
}
}
下面是我的控制器代码
@RestController
@RequestMapping("/notes")
public class NoteController
{
@Autowired
private IUserService userService;
@Autowired
private INoteService noteService;
static MessageSourceAccessor messageAccesser = ApplicationConfiguration.getMessageAccessor();
private final Logger logger = LoggerFactory.getLogger(NoteController.class);
@RequestMapping(value = "/addnote", method = RequestMethod.POST)
public ResponseEntity<Response> addNote(@RequestBody NoteDto note, HttpSession session)
{
Authentication ath = SecurityContextHolder.getContext().getAuthentication();
int userId = 5;
logger.debug("Adding note :-", note);
Response response = new Response();
try {
User user = userService.getUserById(userId);
if (user == null) {
response.setStatus(111);
response.setResponseMessage(ApplicationConfiguration.getMessageAccessor().getMessage("111"));
return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
}
noteService.saveNote(note, user);
} catch (Exception e) {
logger.error(e.getMessage());
FNException fn = new FNException(101, new Object[] { "Adding Note - " + e.getMessage() }, e);
return new ResponseEntity<>(fn.getErrorResponse(), HttpStatus.INTERNAL_SERVER_ERROR);
}
response.setStatus(200);
response.setResponseMessage(messageAccesser.getMessage("200"));
return new ResponseEntity<>(response, HttpStatus.OK);
}
更新看起来像antmatchers不能正常工作.这是我按下api时的日志.
UPDATELooks like antmatchers are not working. Here is the log when I hit the api.
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.s.w.u.matcher.OrRequestMatcher.matches line: 72 - No matches found
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.security.web.FilterChainProxy.doFilter line: 325 - /notes/addnote at position 5 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.security.web.FilterChainProxy.doFilter line: 325 - /notes/addnote at position 6 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.security.web.FilterChainProxy.doFilter line: 325 - /notes/addnote at position 7 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.security.web.FilterChainProxy.doFilter line: 325 - /notes/addnote at position 8 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.s.w.a.AnonymousAuthenticationFilter.doFilter line: 100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.security.web.FilterChainProxy.doFilter line: 325 - /notes/addnote at position 9 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.s.w.s.SessionManagementFilter.doFilter line: 124 - Requested session ID DE97FB345788E4AB200B922552573A31 is invalid.
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.security.web.FilterChainProxy.doFilter line: 325 - /notes/addnote at position 10 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.security.web.FilterChainProxy.doFilter line: 310 - /notes/addnote reached end of additional filter chain; proceeding with original chain
DEBUG [http-nio-8080-exec-3]: 2018-04-18 16:31:03 o.s.web.servlet.DispatcherServlet.doService line: 869 - DispatcherServlet with name 'dispatcherServlet' processing POST request for [/notes/addnote]
推荐答案
尝试 WebSecurityConfigurerAdapter ,您可以在下面参考我的演示.我自定义了一些过滤器进行验证,如果您不需要的话,只需将其删除即可.
Try WebSecurityConfigurerAdapter, you can refer to my demo below. I have customed some filters for validation, If you don't need just remove it.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
auth.authenticationProvider(authenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.addFilterBefore(new CaptchaAuthenticationFilter("/login", "/login?error2"), UsernamePasswordAuthenticationFilter.class);
http.authorizeRequests()
.antMatchers("/").hasRole("USER")
.antMatchers("/index").hasRole("USER")
.antMatchers("/message/*").hasRole("USER")
.anyRequest().permitAll()
.and().formLogin().loginPage("/login").defaultSuccessUrl("/index").failureUrl("/login?error1").permitAll()
.and().rememberMe().tokenValiditySeconds(60*60*7).key("message")
.and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").permitAll();
}
@Bean
public AuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider authenticationProvider=new CustomAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService());
return authenticationProvider;
}
@Bean
public UserDetailsService userDetailsService(){
return new CustomUserDetailService();
}
}
这篇关于Spring Security AntMatcher无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!