【发布时间】:2021-08-01 08:32:29
【问题描述】:
我正在向我的 Spring 应用程序添加一个新端点。我正在使用 Spring Security 从 JWT 检查角色并授予访问权限。但是,现在我什至没有检查角色,我允许所有人使用 URL。我已经有三个端点POST 可以按预期工作。第四个端点GET 方法是我遇到问题的地方。
请检查以下配置,如果我遗漏了什么,请告诉我。
免责声明:我从这个配置类中删除了 bean 和依赖注入对象,以显示我遇到问题的地方。
@EnableWebSecurity
@ComponentScan(value = {"com.mywebsite.framework.security", "com.mywebsite.utility"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(crossPlatformFilter, SessionManagementFilter.class)
.csrf().disable()
.authorizeRequests()
// WORKS AS EXPECTED
.antMatchers(HttpMethod.POST, "/mywebsite/v1/something_1").permitAll()
// WORKS AS EXPECTED
.antMatchers(HttpMethod.POST, "/mywebsite/v1/something_2").permitAll()
// WORKS AS EXPECTED
.antMatchers(HttpMethod.POST, "/mywebsite/v1/something_3").permitAll()
// NOT WORKING, RETURNS 401 Http Code
.antMatchers(HttpMethod.GET, "/mywebsite/v1/something_4").permitAll() //TODO: Not Working, returning 401
.anyRequest().authenticated()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class).authorizeRequests();
}
}
我刚刚添加了第四个.antMatchers(),不知道为什么,返回401。前三个.antMatchers() 没有任何问题。
有没有人和我一样的问题?
我只是再添加一个端点作为 GET。
日志:
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
w.c.HttpSessionSecurityContextRepository.readSecurityContextFromSession 167 -- No HttpSession currently exists
w.c.HttpSessionSecurityContextRepository.loadContext 117 -- No SecurityContext was available from the HttpSession: null. A new one will be created.
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.w.u.m.AntPathRequestMatcher.matches 157 -- Request 'GET /mywebsite/v1/something_4' doesn't match 'POST /logout'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 6 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
o.s.s.w.u.m.AntPathRequestMatcher.matches 157 -- Request 'GET /mywebsite/v1/something_4' doesn't match 'POST /login'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 7 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
o.s.s.w.u.m.AntPathRequestMatcher.matches 177 -- Checking match of request : '/mywebsite/v1/something_4'; against '/logout'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 9 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
o.s.s.w.s.HttpSessionRequestCache.getMatchingRequest 95 -- saved request doesn't match
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
o.s.s.w.a.AnonymousAuthenticationFilter.doFilter 100 -- Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@bddba886: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
o.s.s.w.s.SessionManagementFilter.doFilter 124 -- Requested session ID 17C1F2C0B0E165F7DCF87E14CDB0F6DA is invalid.
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /mywebsite/v1/something_4 at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
o.s.s.a.i.AbstractSecurityInterceptor.beforeInvocation 219 -- Secure object: FilterInvocation: URL: /mywebsite/v1/something_4; Attributes: [authenticated]
o.s.s.a.i.AbstractSecurityInterceptor.authenticateIfRequired 348 -- Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@bddba886: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
o.s.s.a.v.AffirmativeBased .decide 66 -- Voter: org.springframework.security.web.access.expression.WebExpressionVoter@56253eba, returned: -1
o.s.s.w.a.ExceptionTranslationFilter.handleSpringSecurityException 180 -- Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.3.8.RELEASE.jar:5.3.8.RELEASE]
...........
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using Ant [pattern='/**', GET]
o.s.s.w.u.m.AntPathRequestMatcher.matches 167 -- Request '/mywebsite/v1/something_4' matched by universal pattern '/**'
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.*']]
o.s.s.w.u.m.AntPathRequestMatcher.matches 177 -- Checking match of request : '/mywebsite/v1/something_4'; against '/**/favicon.*'
o.s.s.w.u.m.NegatedRequestMatcher.matches 51 -- matches = true
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 203 -- httpRequestMediaTypes=[*/*]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 207 -- Processing */*
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 210 -- Ignoring
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 231 -- Did not match any media types
o.s.s.w.u.m.NegatedRequestMatcher.matches 51 -- matches = true
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
o.s.s.w.u.m.NegatedRequestMatcher.matches 51 -- matches = true
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[multipart/form-data], useEquals=false, ignoredMediaTypes=[*/*]]]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 203 -- httpRequestMediaTypes=[*/*]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 207 -- Processing */*
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 210 -- Ignoring
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 231 -- Did not match any media types
o.s.s.w.u.m.NegatedRequestMatcher.matches 51 -- matches = true
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[text/event-stream], useEquals=false, ignoredMediaTypes=[*/*]]]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 203 -- httpRequestMediaTypes=[*/*]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 207 -- Processing */*
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 210 -- Ignoring
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 231 -- Did not match any media types
o.s.s.w.u.m.NegatedRequestMatcher.matches 51 -- matches = true
o.s.s.w.u.m.AndRequestMatcher .matches 73 -- All requestMatchers returned true
o.s.s.w.s.HttpSessionRequestCache.saveRequest 61 -- DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/mywebsite/v1/something_4]
o.s.s.w.a.ExceptionTranslationFilter.sendStartAuthentication 211 -- Calling Authentication entry point.
s.w.a.DelegatingAuthenticationEntryPoint.commence 78 -- Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
o.s.s.w.u.m.NegatedRequestMatcher.matches 51 -- matches = true
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 203 -- httpRequestMediaTypes=[*/*]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 207 -- Processing */*
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 210 -- Ignoring
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 231 -- Did not match any media types
o.s.s.w.u.m.AndRequestMatcher .matches 69 -- Did not match
s.w.a.DelegatingAuthenticationEntryPoint.commence 78 -- Trying to match using OrRequestMatcher [requestMatchers=[RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]]
o.s.s.w.u.m.OrRequestMatcher .matches 65 -- Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
o.s.s.w.u.m.OrRequestMatcher .matches 65 -- Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]]
o.s.s.w.u.m.AndRequestMatcher .matches 66 -- Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 203 -- httpRequestMediaTypes=[*/*]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 207 -- Processing */*
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 223 -- text/html .isCompatibleWith */* = true
o.s.s.w.u.m.NegatedRequestMatcher.matches 51 -- matches = false
o.s.s.w.u.m.AndRequestMatcher .matches 69 -- Did not match
o.s.s.w.u.m.OrRequestMatcher .matches 65 -- Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5bb661e0, matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 203 -- httpRequestMediaTypes=[*/*]
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 207 -- Processing */*
o.s.s.w.u.m.MediaTypeRequestMatcher.matches 216 -- isEqualTo true
o.s.s.w.u.m.OrRequestMatcher .matches 68 -- matched
s.w.a.DelegatingAuthenticationEntryPoint.commence 83 -- Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@3d3e9163
s.w.a.DelegatingAuthenticationEntryPoint.commence 78 -- Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
s.w.a.DelegatingAuthenticationEntryPoint.commence 91 -- No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@4da27f00
o.s.s.w.h.w.HstsHeaderWriter .writeHeaders 169 -- Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2784c3cd
tRepository$SaveToSessionResponseWrapper.saveContext 346 -- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
tRepository$SaveToSessionResponseWrapper.saveContext 346 -- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
s.s.w.c.SecurityContextPersistenceFilter.doFilter 119 -- SecurityContextHolder now cleared, as request processing completed
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
w.c.HttpSessionSecurityContextRepository.readSecurityContextFromSession 179 -- HttpSession returned null object for SPRING_SECURITY_CONTEXT
w.c.HttpSessionSecurityContextRepository.loadContext 117 -- No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@591f2d03. A new one will be created.
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.w.u.m.AntPathRequestMatcher.matches 157 -- Request 'GET /error' doesn't match 'POST /logout'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 6 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
o.s.s.w.u.m.AntPathRequestMatcher.matches 157 -- Request 'GET /error' doesn't match 'POST /login'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 7 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 9 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
o.s.s.w.s.DefaultSavedRequest .propertyEquals 359 -- pathInfo: both null (property equals)
o.s.s.w.s.DefaultSavedRequest .propertyEquals 359 -- queryString: both null (property equals)
o.s.s.w.s.DefaultSavedRequest .propertyEquals 383 -- requestURI: arg1=/mywebsite/v1/something_4; arg2=/error (property not equals)
o.s.s.w.s.HttpSessionRequestCache.getMatchingRequest 95 -- saved request doesn't match
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
o.s.s.w.a.AnonymousAuthenticationFilter.doFilter 100 -- Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@bddba886: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: EC7B42A8FB862A6AEBDC3CD49485BEE9; Granted Authorities: ROLE_ANONYMOUS'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 328 -- /error at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
.s.w.FilterChainProxy$VirtualFilterChain.doFilter 313 -- /error reached end of additional filter chain; proceeding with original chain
tRepository$SaveToSessionResponseWrapper.saveContext 346 -- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
o.s.s.w.a.ExceptionTranslationFilter.doFilter 120 -- Chain processed normally
tRepository$SaveToSessionResponseWrapper.saveContext 346 -- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
s.s.w.c.SecurityContextPersistenceFilter.doFilter 119 -- SecurityContextHolder now cleared, as request processing completed
【问题讨论】:
-
您的完整调试日志在哪里,包括您提出的请求,这里有些内容您没有透露。调试日志会告诉我们什么。
-
@Toerktumlare 我已经更新了日志...没有正文,因为是
GET。回复:{ "timestamp": "2021-07-30T00:52:25.352+00:00", "status": 401, "error": "Unauthorized", "message": "", "path": "/mywebsite/v1/something_4" } -
不要在 cmets 中写代码,它完全不可读
-
谢谢@dur ....这就是问题:) ...但这不是因为构建或重新启动IDE ...就像你说的那样,安全配置没有加载...我没有加载 WebConfig java 类.....我将它添加到我的服务配置中的
@Import(...)并且成功了 :)
标签: java spring spring-security