Spring Security 的 antMatchers(...).permitAll() 无法正常工作。
我正在运行一个用 Kotlin 编写的 Spring Boot 应用程序。当我尝试访问
/service-status/v1/task/status
(我已在以下代码中通过 antMatchers(...).permitAll() 放行了这个网址)时,
它返回了 401 未经授权(Unauthorized)错误。
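/**
 * Spring Security configuration: one in-memory user, HTTP Basic authentication and a list of
 * URL patterns that are reachable without authentication.
 *
 * NOTE(review): the constructor parameter is typed `AuthenticationEntryPoint`; presumably this
 * is the application's own component of that name rather than Spring's interface with the same
 * simple name. Check which one the imports resolve to.
 */
@Configuration
@EnableWebSecurity
class SecurityConfig(val authenticationEntryPoint: AuthenticationEntryPoint) : WebSecurityConfigurerAdapter() {

    /**
     * Registers a single in-memory user with the authority `ROLE_USER`.
     *
     * @param auth builder the in-memory user store is added to
     */
    @Autowired
    @Throws(Exception::class)
    fun configureGlobal(auth: AuthenticationManagerBuilder) {
        // NOTE(review): the user name and password are literals in source. That is acceptable
        // for a demo only; load real credentials from external configuration or a user store.
        auth.inMemoryAuthentication()
            .withUser("user").password(passwordEncoder().encode("pass"))
            .authorities("ROLE_USER")
    }

    /**
     * Declares which requests are public and requires authentication for everything else.
     *
     * @param http security builder supplied by the framework
     * @throws IllegalArgumentException if [http] is null
     */
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity?) {
        // Fail closed: with a chain of `?.` calls a null builder would silently skip every
        // rule below, leaving the application without the intended access control.
        val security = requireNotNull(http) { "HttpSecurity must not be null" }

        // NOTE(review): CSRF protection is switched off for the whole application. Browsers
        // cache HTTP Basic credentials and re-send them automatically, so keep CSRF protection
        // enabled unless every client of the protected endpoints is a non-browser client.
        security.csrf().disable()
            .authorizeRequests()
            // Rules are checked in declaration order and these apply to every HTTP method.
            // antMatchers compares the pattern literally: "/service-status/v1/task/status"
            // covers neither a trailing slash nor a sub-path (mvcMatchers follows Spring MVC's
            // own matching rules instead).
            // NOTE(review): "/v2/**" and "/configuration/**" look like Swagger endpoints but
            // also open anything else served under those prefixes, and the suffix patterns
            // ("/**/*.html", "/**/*.js", ...) match anywhere in the URL space. Prefer the
            // narrowest pattern that covers the resource that must be public.
            .antMatchers(
                "/",
                "/service-status/v1/task/status",
                "/*.html",
                "/*.js",
                "/favicon.ico",
                "/**/*.html",
                "/**/*.css",
                "/**/*.png",
                "/webjars/**",
                "/configuration/**",
                "/v2/**",
                "/swagger-resources/**",
                "/**/*.js",
            ).permitAll()
            // Everything not listed above requires an authenticated user.
            .anyRequest().authenticated()
            .and()
            .httpBasic()
            .authenticationEntryPoint(authenticationEntryPoint)
    }

    /** Password encoder bean; also used to hash the in-memory user's password with BCrypt. */
    @Bean
    fun passwordEncoder(): PasswordEncoder = BCryptPasswordEncoder()
}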
出现以下错误
{
"timestamp": "2019-05-09T08:37:25.976+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/service-status/v1/task/status"
}
身份验证入口点
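/**
 * Entry point for HTTP Basic authentication: answers with status 401 and a `WWW-Authenticate`
 * challenge for the `service-status` realm.
 */
@Component
class AuthenticationEntryPoint : BasicAuthenticationEntryPoint() {

    /**
     * Writes the Basic challenge header, the 401 status and a one-line text body.
     *
     * @param request the request that triggered the challenge (not read here)
     * @param response the response the challenge is written to; nothing happens when it is null
     * @param authException the authentication failure whose message is echoed in the body
     */
    override fun commence(request: HttpServletRequest?, response: HttpServletResponse?, authException: AuthenticationException?) {
        // RFC 7235 requires senders to emit the realm parameter as a quoted-string.
        response?.addHeader("WWW-Authenticate", "Basic realm=\"$realmName\"")
        response?.status = HttpServletResponse.SC_UNAUTHORIZED
        // NOTE(review): the exception message is returned to the client verbatim. Confirm it
        // cannot reveal account state or internal details; a fixed generic message is safer.
        response?.writer?.println("HTTP Status 401 - " + authException?.message)
    }

    /** Sets the realm name before the parent class validates its properties. */
    override fun afterPropertiesSet() {
        realmName = "service-status"
        super.afterPropertiesSet()
    }
}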
如何解决此问题?
答案 0 :(得分:0)
我在原有规则下面添加了以下两行:
// The first rule matches only the exact path. The "/**" rule matches that path, a trailing
// slash and every sub-path, so it already covers the first rule. Neither rule names an HTTP
// method, so both apply to every method, not only GET.
.antMatchers("/service-status/v1/task/status").permitAll()
.antMatchers("/service-status/v1/task/status/**").permitAll()
完整配置如下
/**
 * Configures the HTTP security rules: stateless sessions, HTTP Basic authentication, a set of
 * public URL patterns, and authentication for every other request.
 *
 * <p>Authorization rules are checked in declaration order and the first match decides.
 *
 * @param http security builder supplied by the framework
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Resources that are public for GET requests only.
    // NOTE(review): "/v2/**" and "/configuration/**" look like Swagger endpoints but also open
    // anything else served under those prefixes, and the suffix patterns match anywhere in the
    // URL space. Prefer the narrowest pattern that covers what must be public.
    final String[] publicGetPatterns = {
            "/",
            "/csrf",
            "/service-status/v1/task/status",
            "/swagger-ui.html",
            "/*.html",
            "/*.js",
            "/favicon.ico",
            "/**/*.html",
            "/**/*.css",
            "/**/*.png",
            "/webjars/**",
            "/configuration/**",
            "/v2/**",
            "/swagger-resources/**",
            "/**/*.js"
    };

    // NOTE(review): CSRF protection is off. Sessions are stateless, but browsers still re-send
    // cached HTTP Basic credentials automatically; confirm that no browser client calls the
    // protected endpoints.
    http.csrf().disable();
    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.authorizeRequests()
            .antMatchers(HttpMethod.GET, publicGetPatterns).permitAll()
            .antMatchers("/api/v1/auth/**").permitAll()
            // These two rules name no HTTP method, so the status path is public for every
            // method; the GET-only restriction above does not limit it.
            .antMatchers("/service-status/v1/task/status").permitAll()
            .antMatchers("/service-status/v1/task/status/**").permitAll()
            // Everything else requires an authenticated user.
            .anyRequest().authenticated();

    http.httpBasic();
    http.headers().cacheControl();
}