我对安全配置有一些疑问。我有建立在spring boot上的Web应用程序,并为UI使用angular 7。我创建了安全性,对其进行了配置,一切正常。在angular中,我使用proxy,它从“ localhost:9501”中的“ localhost:4200”转换URL。
{
"/api/*":{
"target": "http://localhost:9501",
"secure": false,
"logLevel": "debug"
}
}
在后端,我有启动控制器。
@Controller
public class StartController {
@RequestMapping({"/ui/**"})
public String redirect() {
return "forward:/index.html";
}
}
但是当我在我的Spring Boot应用程序中集成angular时,我遇到了问题。当我在“(/ * *)。permitAll()”中写入内容时,一切正常,并且可以正常工作。但是当我尝试“(/ api / auth / **)。permittAll()”时,我遇到了麻烦“需要完全身份验证才能访问此资源”。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsServiceImpl userDetailsServiceImpl;
@Autowired
private JwtAuthEntryPoint unauthorizedHandler;
public JwtAuthTokenFilter authenticationJwtTokenFilter() {
return new JwtAuthTokenFilter();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder());
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().and().cors().disable()
.authorizeRequests()
// .antMatchers("/**").permitAll()
//.antMatchers("/home").permitAll()
.antMatchers("/api/auth/**").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}