【问题标题】:H2 Console connection forbidden by spring security弹簧安全禁止H2控制台连接
【发布时间】:2021-03-15 17:31:03
【问题描述】:

所以我正在使用 spring boot 开发一个应用程序,但我无法访问我的 h2 控制台。我可以正常登录并进入 /h2,但是当我点击连接时,我得到一个 403。我不确定为什么会这样。

我看到这里有人无法访问 h2 的 URL 位置(在本例中为 /h2),但我访问 h2 的登录页面没有问题。特别是,我得到一个 403 Whitelabel 页面,所以我假设这与弹簧安全性有关。如果有人能给我一些建议,我将不胜感激。

这是我的网络安全配置类:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers("/h2/**");
    }
}

我的主应用程序类:

import com.example.demo.AppDevProjectApplication;
import com.example.entities.Director;
import com.example.entities.DirectorDao;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;



@ComponentScan({"com.example"})
@EnableJpaRepositories
@SpringBootApplication
public class MainApp implements CommandLineRunner {

    @Autowired
   static DirectorDao directorDao;

    public static void main(String[] args) {
        SpringApplication.run(AppDevProjectApplication.class, args);
    }

    @Override
    public void run(String... args) throws Exception {


    }
}

还有我的pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.0</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>ie.fiach</groupId>
    <artifactId>appdev</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>AppDevProject</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>15</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.springframework/spring-jdbc -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>5.3.1</version>
        </dependency>


        <dependency>

            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>



        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>2.4.0</version>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>14</source>
                    <target>14</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

【问题讨论】:

    标签: spring spring-boot spring-mvc spring-security h2


    【解决方案1】:

    如果只有/h2 的访问权限应该是公开的,请尝试以下安全配置:

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
      @Override
      protected void configure(HttpSecurity http) throws Exception {
        http
          .authorizeRequests(authorize -> authorize.mvcMatchers("/h2/**").permitAll()
            .anyRequest().authenticated());
      }
    }
    

    【讨论】:

    • 我试过了,但似乎没有用!看到我可以访问 /h2 目录,但是当我点击连接(在 h2 控制台屏幕中进行测试连接等)时,它会给我一个 403。
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2023-01-03
    • 2019-03-03
    • 2014-08-30
    • 2016-10-06
    • 2019-02-12
    • 2018-09-08
    • 1970-01-01
    相关资源
    最近更新 更多