We are developing a Spring Boot application that uses Jersey and Spring Security with Basic Authentication. Below are some of the files I have used for the configuration.
SecurityConfiguration.java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Value("${spring.datasource.driverClassName}")
    private String driverClassName;
    @Value("${spring.datasource.url}")
    private String dataSourceUrl;
    @Value("${spring.datasource.username}")
    private String username;
    @Value("${spring.datasource.password}")
    private String password;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // JDBC-backed user store built from the spring.datasource.* properties.
        DriverManagerDataSource driverManagerDataSource = new DriverManagerDataSource();
        driverManagerDataSource.setDriverClassName(driverClassName);
        driverManagerDataSource.setUrl(dataSourceUrl);
        driverManagerDataSource.setUsername(username);
        driverManagerDataSource.setPassword(password);
        auth.jdbcAuthentication().dataSource(driverManagerDataSource)
            // Expected columns: username, password, enabled flag.
            .usersByUsernameQuery("select username,password, user_status from users where username=?")
            // hasRole("SUPERADMIN") matches the authority "ROLE_SUPERADMIN",
            // so the role column must carry the ROLE_ prefix.
            .authoritiesByUsernameQuery(
                "select user.username,ur.role from users user inner join user_roles ur on user.role=ur.role_id and user.username=?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Matchers are evaluated in order and the first match wins, so "/api/v1/**"
        // here also captures "/api/v1/admin/**" and "/api/v1/login" before the
        // more specific rules below are reached.
        http.csrf().disable().authorizeRequests()
            .antMatchers("/api/v1/**").hasRole("SUPERADMIN")
            .antMatchers(HttpMethod.OPTIONS, "/api/v1/**").hasRole("SUPERADMIN")
            .antMatchers("/api/v1/admin/**").hasAnyRole("SUPERADMIN", "ADMIN")
            .antMatchers(HttpMethod.OPTIONS, "/api/v1/admin/**").hasAnyRole("SUPERADMIN", "ADMIN")
            .antMatchers("/api/user/**").hasAnyRole("USER", "SUPERADMIN", "ADMIN")
            .antMatchers(HttpMethod.OPTIONS, "/api/user/**").hasAnyRole("USER", "SUPERADMIN", "ADMIN")
            .antMatchers(HttpMethod.POST, "/api/v1/login").permitAll()
            .and().httpBasic();
    }
}
In addition, we have used a CORS filter for the OPTIONS method, so please see the filter below.
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(1)
public class SimpleCORSFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        if (request.getMethod().equalsIgnoreCase("options") && response != null) {
            System.out.println("in options");
            response.setStatus(200);
        }
        // Echoes whatever Origin the client sent; falls back to localhost otherwise.
        if (request.getHeader("Origin") != null) {
            response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        } else {
            response.setHeader("Access-Control-Allow-Origin", "http://localhost");
        }
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
        // The OPTIONS request is still passed down the chain here, so it reaches the
        // Spring Security filters as well.
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {}

    @Override
    public void destroy() {}
}
We are getting a 401 Unauthorized error when trying a jQuery/Ajax call, so please check this and let me know how to resolve the Spring Security filtering problem.