发表新帖
发表新帖

Spring security AntMatcher is not working

前端 未结
关注
2 1302
情深已故
情深已故 2021-01-27 05:47

This is the way I have configured spring security, in controller I\'m getting ROLE_ANONYMOUS as authority. Looks like security is not intercepting the request and checking for J

相关标签:
2条回答
  • 隐瞒了意图╮
    2021-01-27 06:22

    Try WebSecurityConfigurerAdapter, you can refer to my demo below. I have customed some filters for validation, If you don't need just remove it.

    @Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{
        auth.authenticationProvider(authenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.addFilterBefore(new CaptchaAuthenticationFilter("/login", "/login?error2"), UsernamePasswordAuthenticationFilter.class);
        http.authorizeRequests()
                .antMatchers("/").hasRole("USER")
                .antMatchers("/index").hasRole("USER")
                .antMatchers("/message/*").hasRole("USER")
                .anyRequest().permitAll()
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/index").failureUrl("/login?error1").permitAll()
                .and().rememberMe().tokenValiditySeconds(60*60*7).key("message")
                .and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").permitAll();
    }

    @Bean
    public AuthenticationProvider authenticationProvider(){
        DaoAuthenticationProvider authenticationProvider=new CustomAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService());
        return authenticationProvider;
    }

    @Bean
    public UserDetailsService userDetailsService(){
        return new CustomUserDetailService();
    }

}
    0 讨论(0)
  • -上瘾入骨i
    2021-01-27 06:27

    What version of spring-boot and spring-security are you using?

    The @EnableResourceServer annotation adds a filter of type OAuth2AuthenticationProcessingFilter automatically to the Spring Security filter chain.

    So to your "extends ResourceServerConfigurerAdapter" be applyed before the OAuth2AuthenticationProcessingFilter, you'll need to annotate it with @Order (-1)

    @Configuration
@EnableResourceServer
@Order(-1)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter{
[...]
    0 讨论(0)
 看不清?
提交回复
热议问题