【发布时间】:2017-05-10 17:54:00
【问题描述】:
我正在使用 Spring Boot 安全性作为我的宁静服务的 ACL。 安全适配器如下
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableRedisHttpSession
@Order(2)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService userDetailsService;
@Bean
public HttpSessionStrategy httpSessionStrategy() {
return new HeaderHttpSessionStrategy();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and().csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and().userDetailsService(userDetailsService);
}
}
userdetailservice的快照
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Yuangong yuangong = yuangongService.getYuangongByNo(username).getData();
List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<SimpleGrantedAuthority>();
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ALL"));
return new User(yuangong.getNo(), yuangong.getPassword(), grantedAuthorities);
}
@RestController注解的端点,端点中的方法如
@RestController
@RequestMapping(path = "/bumen")
public class BumenEndpoint {
// @PermitAll
@PreAuthorize("hasRole('ROLE_ALL')")
@RequestMapping(path = "/getBumenTreeList", method = RequestMethod.GET )
public HttpResult<List<Map<String, Object>>> getBumenTreeData(Principal principal) {
System.out.println(principal.getName());
return new HttpResult(bumenService.getBumenTreeList());
}
如果我使用@permitAll,它会找到并返回正确的 JSON 响应。如果使用@PreAuthorize("hasRole('ROLE_ALL')"),它可以通过身份验证并可以调试到这个方法,但是响应将被重定向到“/bumen/bumen/getBumenTreeList”(double '/bumen') 404 错误。 如果我不实现 BumenEndpoint,将不会被重定向并返回正确的响应。
我不确定是哪个部分导致了重定向。
【问题讨论】:
-
HttpResult是什么?
标签: spring-security