如何启用Spring安全身份验证?

时间:2018-03-22 13:33:38

标签: spring-boot spring-security

我使用spring security 5和spring boot 2.0.0

我想用permitAll进行用户身份验证,但它不起作用。我想访问" localhost:9090 / hello"但总是被重定向到" localhost:9090 / login"。

如何使用spring security进行用户身份验证?

我配置了WebSecurity,如下所示。

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/hello").permitAll()
            .anyRequest().authenticated();
        }
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        UserDetails user =
             User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(user);
    }
}

/src/main/resources/application.properties

server.port=9090
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/dev_db
spring.datasource.username=sa
spring.datasource.password=
spring.flyway.url=jdbc:mysql://localhost:3306/dev_db
spring.flyway.user=sa
spring.flyway.password=
spring.flyway.baselineVersion=1
spring.flyway.baseline-on-migrate=false
spring.messages.basename=messages
spring.messages.cache-duration=-1
spring.messages.encoding=UTF-8
spring.security.user.name=user
spring.security.user.password=password
logging.level.org.springframework.security=DEBUG

/src/main/resources/templates/hello.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
    <head><title>Hello World!</title></head>
    <body>
        <h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
        <form th:action="@{/logout}" method="post">
            <input type="submit" value="Sign Out"/>
        </form>
    </body></html> 

/src/main/resources/templates/login.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8" />
<title>Login page</title>
</head><body>
<h1>Login page</h1>
<p>Example user: user / password</p>
<form th:action="@{/login}" method="post">
    <p th:if="${loginError}"><em>Username or password is wrong.</em></p>
    <p><label for="username">Username</label>:
       <input type="text" id="username" name="username" autofocus="autofocus" /></p>
    <p><label for="password">Password</label>:
       <input type="password" id="password" name="password" /></p>
    <p><input type="submit" value="Log in" /></p>
</form>
<p><a th:href="@{/signup}">Sign up</a></p>
<p><a th:href="@{/}">Back to index</a></p></body></html>

build.gradle如下所示

buildscript {
    ext {
        springBootVersion = '2.0.0.RELEASE'
    }
    repositories {
        mavenCentral()
        maven { url "https://repo.spring.io/snapshot" }
        maven { url "https://repo.spring.io/milestone" }
        maven { url 'http://jcenter.bintray.com' }
        maven { url 'https://mvnrepository.com/artifact/com.opencsv/opencsv' }
    }
    dependencies {
        classpath("io.spring.gradle:dependency-management-plugin:1.0.4.RELEASE")
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
        classpath("mysql:mysql-connector-java:5.1.45")
        classpath ("org.junit.platform:junit-platform-gradle-plugin:1.1.0")
    }
}

plugins {
    id "org.flywaydb.flyway" version "5.0.6"
}

flyway {
    url = "jdbc:mysql://localhost:3306/dev_db"
    user = "sa"
    password = ""
}

apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'org.springframework.boot'
apply plugin: 'org.junit.platform.gradle.plugin'

group = 'com.example'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8

repositories {
    maven { url "https://repo.spring.io/snapshot" }
    maven { url "https://repo.spring.io/plugins-release" }
    maven { url "https://repo.spring.io/milestone" }
    maven { url "https://repository.jboss.org/nexus/content/repositories/releases" }
    mavenCentral()
}
allprojects {
     gradle.projectsEvaluated {
        tasks.withType(JavaCompile) {
               options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
       }
   }
}
dependencies {
    compile('org.springframework.boot:spring-boot-starter-aop')
    compile('org.springframework.boot:spring-boot-starter-hateoas')
    compile('org.springframework.boot:spring-boot-starter-thymeleaf')
    compile('org.springframework.boot:spring-boot-starter-web')
    compile('org.springframework.boot:spring-boot-starter-webflux')
    compile('org.springframework.boot:spring-boot-starter-jdbc')
    compile('org.springframework.data:spring-data-commons')
    compile('org.springframework.boot:spring-boot-starter-data-jpa')
    compile("org.springframework.boot:spring-boot-starter-security")
    compile('org.flywaydb:flyway-core:5.0.7')
    compile('org.flywaydb.flyway-test-extensions:flyway-spring5-test:5.0.0')
    compile('mysql:mysql-connector-java:5.1.45')
    compile('org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.1')
    compile('org.slf4j:slf4j-api:1.7.+')
    compile('org.slf4j:log4j-over-slf4j:1.7.+')
    compile('org.slf4j:jcl-over-slf4j:1.7.+')
    compile('net.sf.dozer:dozer:5.5.1')
    compile('ch.qos.logback:logback-classic:1.2.3')
    compile('com.opencsv:opencsv:4.1')
    compile ('com.fasterxml.jackson.core:jackson-databind')
    runtime('org.springframework.boot:spring-boot-devtools')
    runtime('mysql:mysql-connector-java:5.1.45')
    testCompile('org.springframework.boot:spring-boot-starter-test')
    testCompile('io.projectreactor:reactor-test')
    testRuntime("org.junit.jupiter:junit-jupiter-engine")
    testRuntime('mysql:mysql-connector-java:5.1.45')
}

我有一个测试配置文件。

package com.example;

@Configuration
@ComponentScan(basePackages = {"com.example"})
public class TestWebConfig implements WebMvcConfigurer, ApplicationContextAware {
    private ApplicationContext applicationContext;
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }
}

我有springBootApplication文件。

@EntityScan({"com.example.stock","com.example.item"})
@SpringBootApplication(scanBasePackages={"com.example.stock","com.example.item"})
public class WebApplication {
    public static void main(String[] args) {
        SpringApplication.run(WebApplication.class, args);
    }
    @Bean
    public MessageSource messageSource() {
        ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
        messageSource.setBasename("classpath:messages");
        messageSource.setDefaultEncoding("UTF-8");
        return messageSource;
    }
    @Bean
    public LocalValidatorFactoryBean validator() {
        LocalValidatorFactoryBean bean = new LocalValidatorFactoryBean();
        bean.setValidationMessageSource(messageSource());
        return bean;
    }
}

安全日志在

之下
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@49c5a76. A new one will be created.
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /hello' doesn't match 'POST /logout
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /hello' doesn't match 'POST /login
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 8 of 14 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - pathInfo: both null (property equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - queryString: both null (property equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - requestURI: arg1=/; arg2=/hello (property not equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.HttpSessionRequestCache - saved request doesn't match
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@b841c1bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2D91FF16856148858B7FA31A6FDB958F; Granted Authorities: ROLE_ANONYMOUS'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /hello; Attributes: [authenticated]
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@b841c1bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2D91FF16856148858B7FA31A6FDB958F; Granted Authorities: ROLE_ANONYMOUS
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@a3ce3d, returned: -1
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:204)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using Ant [pattern='/**', GET]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/hello' matched by universal pattern '/**'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/hello'; against '/**/favicon.ico'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xhtml+xml
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xhtml+xml = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xml;q=0.9
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xml;q=0.9 = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing */*;q=0.8
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Ignoring
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Did not match any media types
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:9090/hello]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xhtml+xml .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - image/* .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/html .isCompatibleWith text/html = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@816fe85
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:9090/login'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@258eaf02
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
22:35:15.348 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@49c5a76. A new one will be created.
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /logout
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /login
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@258eaf02
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

1 个答案:

答案 0 :(得分:1)

您的安全配置似乎根本没有被提取。

@SpringBootApplication(scanBasePackages={"com.example.stock","com.example.item"})

在你的主要课程中。您的安全配置位于包com.example中。因此,不会创建此类的bean,也不会应用配置。