这是配置类:
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${allowed-origins}")
String[] allowedOrigins;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable(); // To be able to see h2 console
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/api/transform-user").authenticated()
.anyRequest().permitAll()
.and()
.cors()
.and()
.httpBasic().realmName("RDF-TRANSFORMER")
.and()
.csrf().disable();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedOrigins(Arrays.asList(allowedOrigins));
corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(Arrays.asList(("*")));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfiguration);
return source;
}
@Bean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
return new SecurityEvaluationContextExtension();
}
}
您可以看到我已将所有请求(除了对未认证用户启用的转换用户呼叫启用)。
但是当我调用端点/ api / identity时,会收到以下响应:
{"timestamp":"2020-05-29T10:35:47.058+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/api/identity"}
编辑:我刚刚看到在部署应用程序时收到此错误:
[2020.05.29 12:44:21] (Coverage): Error during class instrumentation: org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: java.lang.RuntimeException: java.io.IOException: Class not found
答案 0 :(得分:0)
安全配置顺序不正确。尝试以下一项-
Main.cs