I always get HTTP status 403. I have the following security configuration:
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .cors().and().csrf().disable()
            .authorizeRequests()
            .antMatchers("/api/users/login/").permitAll()
            .anyRequest().authenticated();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("*"));
        configuration.setAllowedHeaders(Arrays.asList("*"));
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
I cannot POST to /api/users/login
    2019-10-15 12:25:49.567 DEBUG 7423 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for POST "/error", parameters={}
    2019-10-15 12:25:49.576 DEBUG 7423 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
    2019-10-15 12:25:49.605 DEBUG 7423 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : given [*/*] and supported [application/json, application/*+json, application/json, application/*+json]
    2019-10-15 12:25:49.608 DEBUG 7423 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Tue Oct 15 12:25:49 CEST 2019, status=403, error=Forbidden, message=Access Denied, path=/ (truncated)...]
    2019-10-15 12:25:49.661 DEBUG 7423 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 403
Answer 0 (score: 1)
Try .antMatchers(HttpMethod.POST,"/api/users/login").permitAll(). Also note that you have .antMatchers("/api/users/login/") and you are making the request to /api/users/login. Note the extra / in antMatchers.
You can also use configure(WebSecurity web) to bypass the Spring Security filter chain, as described here.
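
The matcher fix from the answer above, applied to the question's configuration, as an added example that is not part of the original post. The class name, the origin https://app.example.com, and the allowed method and header lists are assumptions; the CORS bean also replaces the wildcard origin, because browsers reject `Access-Control-Allow-Origin: *` on credentialed requests.

```java
import java.util.Arrays;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // class name is an assumption

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .cors().and()
            .csrf().disable() // kept as in the question
            .authorizeRequests()
                // Ant patterns match the path literally: "/api/users/login/" does not
                // match a request for "/api/users/login", so that request falls
                // through to anyRequest().authenticated().
                .antMatchers(HttpMethod.POST, "/api/users/login").permitAll()
                .anyRequest().authenticated();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // Assumed values: list the real front-end origin(s), methods and headers
        // explicitly instead of "*" when credentials are allowed.
        configuration.setAllowedOrigins(Collections.singletonList("https://app.example.com"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS"));
        configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
```

With permitAll() the login request still passes through the security filter chain, so CORS handling and the default security headers continue to apply; paths excluded through configure(WebSecurity web) skip those filters entirely.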