我有以下配置:
@Configuration
@EnableWebSecurity
class SignInSecurityConfig(
val authenticationEntryPoint: AppAuthenticationEntryPoint
) : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/sign_in", "/users/sign_up").permitAll()
.anyRequest().authenticated()
http.addFilterBefore(JwtAuthorizationFilter(), UsernamePasswordAuthenticationFilter::class.java)
}
}
目前,JwtAuthorizationFilter
只是记录一些信息并调用chain.doFilter
现在,一些有趣的事情正在发生:
1)当我致电/users/sign_up
注册过程被触发时,尝试注册用户,如果成功,则返回201
,如果不成功,则返回401
而不是500
(在我的情况下,我想要返回500)
2)当我致电/sign_in
时,我只是得到401
,没有错误,没有记录,没有。
3)JwtAuthorizationFilter
虽然位于过滤器列表中,但从不会被调用。
4)过滤器链看起来很奇怪:
2018-05-21 14:58:22.318 INFO 2339 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/users/sign_up'], []
2018-05-21 14:58:22.484 INFO 2339 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@46b2cadf, org.springframework.security.web.context.SecurityContextPersistenceFilter@e41e9a9, org.springframework.security.web.header.HeaderWriterFilter@733dea73, org.springframework.security.web.csrf.CsrfFilter@59140203, org.springframework.security.web.authentication.logout.LogoutFilter@6e8e5936, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@52fb6fa5, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@497c75f3, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@10a4663e, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2cfbcfd6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5aa01db1, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@fe39081, org.springframework.security.web.session.SessionManagementFilter@47da14ce, org.springframework.security.web.access.ExceptionTranslationFilter@376d0f3a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@797b0e0c]
为什么会发生这种情况?
我正在使用Spring Boot 2.0.2和默认依赖版本
答案 0 :(得分:0)
尝试
.antMatchers(HttpMethod.GET,"/sign_in").permitAll().and()
.antMatchers(HttpMethod.GET, "/users/sign_up").permitAll().and()
.anyRequest().authenticated()