我正在尝试将带有 Angular 2 代码的 Spring Boot 应用部署为 war 包。
我的 Spring Boot 代码使用了 JWT 和 Spring Security,访问时看到如下错误:
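Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Thu Mar 01 18:26:53 IST 2018
There was an unexpected error (type=Not Found, status=404).
No message available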
我不知道 Spring Security 的 JWT 配置哪里有问题,如果有人知道原因,请帮帮我。
WebSecurity 类:
package com.boot.hms.security;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * Spring Security configuration for the HMS application.
 *
 * <p>What the visible code sets up:
 * <ul>
 *   <li>credential lookup through the injected {@link UserDetailsService}, with passwords
 *       checked by the injected {@link BCryptPasswordEncoder};</li>
 *   <li>a login filter bound to {@code /hms/auth} plus a second filter added to the chain
 *       (both are project classes not shown here; presumably they issue and verify the
 *       JWT, confirm against their source);</li>
 *   <li>no server-side session ({@link SessionCreationPolicy#STATELESS}).</li>
 * </ul>
 *
 * <p>NOTE(review): {@code @CrossOrigin} targets request-handler classes and methods; on this
 * configuration class it most likely has no effect. The CORS policy that actually applies is
 * the one returned by {@link #corsConfigurationSource()}.
 */
@CrossOrigin
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userDetailsService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * @param userDetailsService    source of user records for authentication
     * @param bCryptPasswordEncoder encoder used to verify stored password hashes
     */
    public WebSecurity(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
        this.userDetailsService = userDetailsService;
    }

    /**
     * Builds the HTTP security rules.
     *
     * <p>Only {@code /hms/fetchmeta/*} and {@code /hms/registration/*} are open. Every other
     * path, including {@code /} and any static front-end files packaged into the WAR, falls
     * under {@code anyRequest().authenticated()} and therefore needs an authenticated caller.
     * If static content has to be public, permit those specific resources and keep the API
     * paths authenticated.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        AuthenticationFilter loginFilter = new AuthenticationFilter(authenticationManager());
        loginFilter.setFilterProcessesUrl("/hms/auth");

        // CORS is resolved from the CorsConfigurationSource bean declared below.
        http.cors();

        // CSRF protection is switched off. That is only sound while the token travels in a
        // request header that browsers do not attach automatically; if it is ever carried in
        // a cookie, CSRF protection has to come back.
        // NOTE(review): confirm how AuthorizationFilter reads the token.
        http.csrf().disable();

        // A single '*' matches within one path segment, so deeper paths below these two
        // prefixes are NOT covered by permitAll().
        http.authorizeRequests()
                .antMatchers("/hms/fetchmeta/*", "/hms/registration/*").permitAll()
                .anyRequest().authenticated();

        http.addFilter(loginFilter);
        http.addFilter(new AuthorizationFilter(authenticationManager()));

        // this disables session creation on Spring Security
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        System.out.println("<....Web Security......>");
    }

    /**
     * Wires the user store and the password encoder into the authentication manager.
     *
     * @param auth the authentication builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(bCryptPasswordEncoder);
    }

    /**
     * Registers one CORS policy for every path ({@code /**}).
     *
     * <p>{@code applyPermitDefaultValues()} is Spring's permissive preset: any origin, any
     * request header, and the GET/HEAD/POST methods (depending on the Spring version it may
     * also allow credentials; verify for the version in use). Restrict the allowed origins
     * to the real front-end origin(s) if the API is not meant to be callable from arbitrary
     * sites.
     *
     * @return the URL-based CORS configuration source picked up by {@code http.cors()}
     */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration permissiveDefaults = new CorsConfiguration().applyPermitDefaultValues();
        UrlBasedCorsConfigurationSource byPath = new UrlBasedCorsConfigurationSource();
        byPath.registerCorsConfiguration("/**", permissiveDefaults);
        return byPath;
    }
}
POM XML:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Maven build for the HMS application: a Spring Boot project packaged as a WAR, with extra
     web resources copied in from a local directory. Review notes are marked NOTE(review). -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.boot</groupId>
<artifactId>hms</artifactId>
<version>1</version>
<packaging>war</packaging>
<name>version</name>
<description>Hospital Management System</description>
<!-- NOTE(review): the parent pins the versions of every managed dependency below (Spring
     Security, Tomcat, Jackson, MySQL driver, ...). The Spring Boot 1.5.x line is no longer
     maintained upstream, so those versions stay frozen; plan a move to a supported line. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.10.RELEASE</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<!-- NOTE(review): the application class in this project is declared in package
     com.boot.hms, while this value names com.programmer.gate; confirm that it resolves. -->
<start-class>com.programmer.gate.HmsApplication</start-class>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
<!-- NOTE(review): the token library is pinned to a very early release. It predates years of
     fixes and hardening in that library; move to a current maintained release and re-test
     token creation and validation (signature check, algorithm, expiry) after the upgrade. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- Scope "provided": the embedded Tomcat classes are expected to come from the servlet
     container the WAR is deployed to. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<webResources>
<!-- NOTE(review): an absolute, machine-specific directory is added as a web resource.
     Whatever is in that directory at build time ends up in the WAR, so the artifact is not
     reproducible from version control alone; prefer a path inside the project or a
     front-end build step whose output is tracked. -->
<resource>
<directory>D:\hmsDeployment\dist</directory>
</resource>
</webResources>
</configuration>
</plugin>
</plugins>
</build>
</project>
主类:
package com.boot.hms;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Import;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import com.boot.hms.security.WebSecurity;
/**
 * Entry point of the HMS application.
 *
 * <p>Extends {@link SpringBootServletInitializer} so the same class can bootstrap the
 * application when the WAR is deployed to a servlet container, and offers {@link #main} for
 * a standalone start.
 *
 * <p>NOTE(review): {@code WebSecurity} sits below the scanned base package
 * {@code com.boot.hms}, so the explicit {@code @Import} is presumably redundant (confirm).
 * {@code @CrossOrigin} targets request handlers and most likely has no effect on this class.
 */
@CrossOrigin
@Import(WebSecurity.class)
@SpringBootApplication
@ComponentScan(basePackages="com.boot.hms")
public class HmsApplication extends SpringBootServletInitializer {

    /**
     * Password encoder shared by the application.
     *
     * @return a {@link BCryptPasswordEncoder} built with the library's default settings
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Registers this class as the configuration source for a servlet-container start.
     *
     * @param application builder handed in by Spring Boot
     * @return the builder with {@code HmsApplication} added as a source
     */
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        SpringApplicationBuilder withSources = application.sources(HmsApplication.class);
        return withSources;
    }

    /**
     * Standalone start.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(HmsApplication.class, args);
    }
}
属性文件:
# Application settings: datasource, JPA/Hibernate, security toggles and Jackson options.
# Review notes are marked NOTE(review); every property value below is unchanged.
#Database
# NOTE(review): the application connects as the MySQL "root" account with a trivial password
# stored in this file. Use a dedicated least-privilege account for the hms schema and supply
# the credentials from the deployment environment (externalised configuration or a secret
# store) instead of a file that is packaged into the WAR.
spring.datasource.url= jdbc:mysql://192.168.12.112:3306/hms
spring.datasource.username=root
spring.datasource.password=root
#Server
#server.contextPath=/hms
#server.port = 8080
#JPA
# show-sql prints the generated SQL statements to the console.
spring.jpa.show-sql = true
# ddl-auto=update lets Hibernate alter the schema at startup, which also means the database
# account needs DDL rights. NOTE(review): confirm this is intended outside development.
spring.jpa.hibernate.ddl-auto = update
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5Dialect
# NOTE(review): this property expects fully qualified class names; the short name used here
# may not match anything. Confirm whether the exclusion takes effect and whether it is
# wanted alongside the custom WebSecurity configuration.
spring.autoconfigure.exclude=SecurityAutoConfiguration
#security.user.name=admin
#security.user.password=admin
# Turns off Spring Boot's default HTTP Basic protection; access control then depends
# entirely on the application's own security configuration.
security.basic.enabled=false
spring.jackson.serialization.FAIL_ON_EMPTY_BEANS=false
spring.jackson.deserialization.accept-empty-string-as-null-object=true
答案 0 :(得分:1)
**解决方案**
在您的自定义安全配置类(WebSecurity)中,您没有为基本 URL `/`(Angular 应用就部署在这里!)显式声明“对所有人开放”的规则。这里我假设基本 URL 为 `/`;如果不是,请把本答案按您实际的基本 URL 作相应调整。
因此,请在 WebSecurity 中添加上述规则,即把下面这段:
//...omitted code for brevity
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers("/hms/fetchmeta/*", "/hms/registration/*").permitAll()
//...omitted code for brevity
改为:
//...omitted code for brevity
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers("/hms/fetchmeta/*", "/hms/registration/*", "/") // <--Notice here the base url added to the "free for all" rule!
.permitAll()
//...omitted code for brevity
但是...... 为什么会发生这种错误?!
正如您在评论中所说,具体的错误是:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Fri Mar 02 13:38:44 IST 2018
There was an unexpected error (type=Forbidden, status=403).
Access Denied
这意味着当您尝试访问 Angular 应用(从服务器的角度看,它位于基本 URL `/`)时,服务器检测到您尚未登录,因此返回 403 Forbidden。这个错误通常会显示在 Spring Boot 应用的错误页面中……但由于您没有为 `/error` 路由提供映射(在 `src/main/resources/static/error/403.html` 下也没有用于正常显示此错误的文件),所以您看到的就是您贴出的这条“后备”消息。
**建议**
由于现在基本 URL `/` 对所有人开放,您的服务(由 Spring Boot 提供)应该统一放在一个专用的路径前缀之下(原文此处的示例前缀在提取时丢失),并继续要求认证,以防它们也被免认证访问。
**参考**
如果需要参考,可以查看这个 Security Config,它做的正是您想做的事情(它属于一个将 Spring Boot + Angular 打包为 war 部署的项目)。