Spring Security 403 http状态
我正在Spring Boot 2.0.1项目上实现Spring Security。
我有一些Web服务在Spring Security实施之前可以正常工作。但是现在,他们没有。
这是REST客户端中显示的错误消息。
{
"timestamp": "2018-07-27T11:14:40.080+0000",
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/lsm/notification/getCurrentUserNotifications"
}
和谷歌浏览器上的相同错误:
下面是列出服务的控制器:
package com.sap.lsm.web;
import java.util.List;
import java.util.Random;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.sap.lsm.dao.NotifiedUserRepository;
import com.sap.lsm.dao.UserNotificationRepository;
import com.sap.lsm.entities.NotifiedUser;
import com.sap.lsm.entities.UserNotification;
import com.sap.lsm.service.UserNotificationService;
@RestController
public class UserNotificationController {
@Autowired
private UserNotificationService userNotificationService;
@Autowired
private UserNotificationRepository userNotificationRepository;
@RequestMapping(value="/notification/getCurrentUserNotifications", method=RequestMethod.GET)
public List<UserNotification> getCurrentUserNotifs() {
return userNotificationService.getCurrentUserAllNotifications();
}
@RequestMapping(value="/notification/getCurrentUserNotSeenNotifications", method=RequestMethod.GET)
public List<UserNotification> getCurrentUserNotSeenNotifs() {
return userNotificationService.getCurrentUserNotSeenNotifications();
}
@RequestMapping(value="/notification/deleteNotification/{id}", method=RequestMethod.DELETE)
public void deleteNotification(@PathVariable("id") Long id){
userNotificationService.deleteNotification(id);
}
@RequestMapping(value="/notification/getNotification/{id}", method=RequestMethod.GET)
public UserNotification getNotification(@PathVariable("id") Long id) {
UserNotification notification = this.userNotificationService.getNotification(id);
if(!notification.equals(null)) {
notification.setStatus("seen");
userNotificationRepository.save(notification);
}
return notification;
}
@RequestMapping(value="/notification/markCurrentUserNotificationsAsSeen", method=RequestMethod.GET)
public void markCurrentUserNotificationsAsSeen() {
userNotificationService.markAllNotificationsAsSeen();
}
}
这是Spring Security Config:
package com.sap.lsm.config;
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableGlobalMethodSecurity(prePostEnabled=true)
@EnableWebSecurity
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private RequestFilter requestFilter;
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
public SpringSecurityConfig(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
this.userDetailsService = userDetailsService;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
}
public void setUserDetailsService(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
public void setbCryptPasswordEncoder(BCryptPasswordEncoder bCryptPasswordEncoder) {
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.cors()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.logout().deleteCookies("JSESSIONID").invalidateHttpSession(true)
.and()
.authorizeRequests()
.antMatchers("/lsm/listCustomers").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/addCustomer").hasAnyAuthority("CONSULTANT")
.antMatchers("/lsm/getAllCustomers").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/getOldCustomers").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/getCustomers").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/getCustomer/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/deleteCustomer/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/cancelCustomer/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/restoreCustomer/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/updateCustomer/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/getLSMUsers").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/addLSMUser").hasAnyAuthority("ADMIN")
.antMatchers("/lsm/getLSMUser/*").hasAnyAuthority("ADMIN")
.antMatchers("/lsm/deleteLSMUser/*").hasAnyAuthority("ADMIN")
.antMatchers("/lsm/cancelLSMUser/*").hasAnyAuthority("ADMIN")
.antMatchers("/lsm/restoreLSMUser/*").hasAnyAuthority("ADMIN")
.antMatchers("/lsm/updateLSMUser/*").hasAnyAuthority("ADMIN")
.antMatchers("/lsm/notification/getCurrentUserNotifications/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/notification/getCurrentUserNotSeenNotifications/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/notification/deleteNotification/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/notification/getNotification/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/lsm/notification/markCurrentUserNotificationsAsSeen/*").hasAnyAuthority("ADMIN","CONSULTANT")
.antMatchers("/assets/**","/login","/*").permitAll()
.and()
.authorizeRequests().anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilterBefore((Filter) new JWTAuthorizationFilter(),UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(requestFilter, ChannelProcessingFilter.class);
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
}
}
如果您需要JWT身份验证和授权过滤器,我将在稍后发布。
请帮助我, 谢谢
**更新**
连接的用户的角色是ADMIN。
/ lsm路径在pom.xml中声明为属性,如下所示:
<m2eclipse.wtp.contextRoot>/lsm</m2eclipse.wtp.contextRoot>
此根路径用于在Jenkins(集成服务器)下运行应用程序
0 个答案:
没有答案
相关问题
- AngularJs routeProvider http状态403
- HTTP状态403 - 未找到预期的CSRF令牌
- spring-oauth2:HTTP状态403 - 拒绝访问
- HTTP状态403 - 访问被拒绝Spring security
- HTTP状态[403]。 Spring MVC和Apache Tomcat 8.5.15
- “状态”:403,“错误”:“禁止”,“消息”:“禁止”,“路径”:“ / post / create”
- Spring Security 403 http状态
- Spring Security-j_spring_security_check-HTTP状态403
- 字符串启动REST安全错误:类型=禁止,状态= 403
- Spring @WebMvcTest DELETE请求返回状态403
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?