春季安全+休息不起作用

【问题标题】:spring security + rest doesn't work春季安全+休息不起作用
【发布时间】:2017-03-08 01:20:42
【问题描述】:

我已经配置了所有属性,但是我的应用仍然在没有弹簧安全的情况下加载,就好像它不存在一样......请帮助我,我做错了什么。

我在这里得到我的房间,没有邮递员的身份验证:

以下是我的课程:

安全配置:

package com.vidaflo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
@ComponentScan("com.vidaflo")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("tom").password("abc123").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests().antMatchers("/room/**").hasRole("ADMIN")
                .and()
                .httpBasic()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

SecurityInitializer:

package com.vidaflo.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}

网页配置:

package com.vidaflo.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.vidaflo.controllers")
public class WebConfiguration extends WebMvcConfigurationSupport {
}

Tomcat 嵌入:

package com.vidaflo.server;

import com.vidaflo.config.ApplicationConfiguration;
import com.vidaflo.config.DatabaseConfiguration;
import com.vidaflo.config.SecurityConfiguration;
import com.vidaflo.config.WebConfiguration;
import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.startup.Tomcat;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;

@Slf4j
public class Application {
    private static final String APPLICATION_PROPERTIES = System.getProperty("app.properties");
    private static final int DEFAULT_PORT = 8080;
    private static final String DEFAULT_CONTEXT_PATH = "/app";

    private AppProperties appProperties;
    private AnnotationConfigWebApplicationContext ctx;

    public static void main(String[] args) throws LifecycleException {
        Application app = new Application(APPLICATION_PROPERTIES);
        Server server = new TomcatServer(new Tomcat());
        app.run(server);
    }

    public Application(String fieldName) {
        loadProperties(fieldName);
    }

    public void run(Server server) {
        initApplicationContext();
        server.run(getConfig());
    }

    private void loadProperties(String fieldName) {
        appProperties = new AppProperties();
        appProperties.load(fieldName);
    }

    private void initApplicationContext() {
        log.info("Initialize application context...");

        ctx = new AnnotationConfigWebApplicationContext();
        ctx.register(SecurityConfiguration.class);
        ctx.register(ApplicationConfiguration.class);
        ctx.register(WebConfiguration.class);
        ctx.register(DatabaseConfiguration.class);
        ctx.getEnvironment()
            .getPropertySources()
            .addLast(new PropertiesPropertySource("applicationEnvironment", appProperties.getProperties()));
    }

    private ServerConfig getConfig() {
        ServerConfig serverConfig = new ServerConfig();
        serverConfig.setPort(appProperties.getPort(DEFAULT_PORT));
        serverConfig.setContextPath(appProperties.getContextPath(DEFAULT_CONTEXT_PATH));
        serverConfig.setServlet(getServlet());
        return serverConfig;
    }

    private DispatcherServlet getServlet() {
        return new DispatcherServlet(ctx);
    }
}

休息控制器:

package com.vidaflo.controllers;

import com.vidaflo.dto.RoomDto;
import com.vidaflo.model.location.Room;
import com.vidaflo.repositories.LocationRepository;
import com.vidaflo.services.RoomService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;
import java.util.stream.Collectors;

@RestController
public class RoomController {
    @Autowired
    private RoomService roomService;

    @Autowired
    private LocationRepository locationService;

    @PostMapping("/room/save")
    public String save(@RequestParam(name = "name") String name,
                       @RequestParam(name = "location_id") Long locationId) {
        roomService.save(name, locationService.findOne(locationId));
        return "room added";
    }

    @GetMapping("/room/all")
    public List<RoomDto> findAll() {
        return roomService.findAll().stream()
                .map(this::toDto)
                .collect(Collectors.toList());
    }

    private RoomDto toDto(Room room) {
        return RoomDto.builder()
                .id(room.getId())
                .name(room.getName())
                .build();
    }
}

请告诉我是否应该添加其他详细信息。我确实需要帮助,但我不明白自己做错了什么。

【问题讨论】:

  • @KimAragonEscobar 是的,我已经尝试过"/**" 和很多其他方法,但它仍然不起作用
  • 我将@Secured({"ROLE_ADMIN"})(我也尝试过@Secured("ADMIN"))添加到控制器方法,并将@EnableGlobalMethodSecurity(securedEnabled = true) 添加到SecurityConfiguration 类,但现在我有一个异常security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext ;(

标签: java rest spring-mvc spring-security basic-authentication


【解决方案1】:

找到答案,我们应该像这样在tomcat嵌入式配置中手动添加spring security过滤器:

FilterDef filterDef = new FilterDef();
        filterDef.setFilterName("springSecurityFilterChain");
        filterDef.setFilterClass("org.springframework.web.filter.DelegatingFilterProxy");
        container.addFilterDef(filterDef);

        FilterMap filterMapping = new FilterMap();
        filterMapping.setFilterName("springSecurityFilterChain");
        filterMapping.addURLPattern("/*");
        container.addFilterMap(filterMapping);

【讨论】:

    【解决方案2】:

    尝试在configureGlobalSecurity方法和枚举“Roles”中将角色“ADMIN”“USER”更改为“ROLE_ADMIN”“ROLE_USER”,但在configure方法中不要更改。

    【讨论】:

    • 我们不能在 configure global security method 中使用前缀为 ROLE_ 的角色。好吧,我试过了,有异常:`ROLE_ADMIN 不能以 ROLE_ 开头(它是自动添加的)
    猜你喜欢
    • 1970-01-01
    • 2016-08-20
    • 1970-01-01
    • 1970-01-01
    • 2013-02-02
    • 1970-01-01
    • 2016-11-06
    • 2015-12-16
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode