我正在使用spring boot security作为我的restful服务的ACL。 安全适配器如下
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableRedisHttpSession
@Order(2)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService userDetailsService;
@Bean
public HttpSessionStrategy httpSessionStrategy() {
return new HeaderHttpSessionStrategy();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and().csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and().userDetailsService(userDetailsService);
}
}
userdetailservice的快照
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Yuangong yuangong = yuangongService.getYuangongByNo(username).getData();
List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<SimpleGrantedAuthority>();
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ALL"));
return new User(yuangong.getNo(), yuangong.getPassword(), grantedAuthorities);
}
由@RestController注释的端点,以及端点中的方法,如
@RestController
@RequestMapping(path = "/bumen")
public class BumenEndpoint {
// @PermitAll
@PreAuthorize("hasRole('ROLE_ALL')")
@RequestMapping(path = "/getBumenTreeList", method = RequestMethod.GET )
public HttpResult<List<Map<String, Object>>> getBumenTreeData(Principal principal) {
System.out.println(principal.getName());
return new HttpResult(bumenService.getBumenTreeList());
}
如果我使用@permitAll,它可以找到并返回正确的JSON响应。如果使用@PreAuthorize(“hasRole('ROLE_ALL')”),它可以传递auth并可以调试到这个方法,但响应将被重定向到“/ bumen / bumen / getBumenTreeList”(double'/ bumen') 404错误。 如果我没有实现BumenEndpoint,则不会重定向并返回正确的响应。
我不确定哪个部分会导致重定向。
答案 0 :(得分:2)