spring - noHandlerFound Spring:具有 Spring 5.x 安全性的 Rest Service 以支持 JWT (Spring MVC)
问题描述
尝试访问路径时出现此错误。
WARNING [http-nio-8080-exec-5] org.springframework.web.servlet.DispatcherServlet.noHandlerFound No mapping found for HTTP request with URI [/portal/auth] in DispatcherServlet with name 'dispatcher'
我正在尝试更新我的应用程序以支持 Spring Security。我正在使用休眠和内存数据库(HSQLDB)。这是我的 WebSecurityConfigurerAdapter 配置
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackages = "com.portal.employee")
public class ApplicationConfiguration extends WebSecurityConfigurerAdapter{
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Autowired
private JwtUserDetailsService jwtUserDetailsService;
// Custom JWT based security filter
@Autowired
JwtAuthorizationTokenFilter authenticationTokenFilter;
@Value("${jwt.header}")
private String tokenHeader;
@Value("${jwt.route.authentication.path}")
private String authenticationPath;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(jwtUserDetailsService)
.passwordEncoder(passwordEncoderBean());
}
@Bean
public PasswordEncoder passwordEncoderBean() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// don't create session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
// Un-secure H2 Database
.antMatchers("/h2-console/**/**").permitAll()
.antMatchers("/portal/auth/**").permitAll()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// disable page caching
httpSecurity
.headers()
.frameOptions().sameOrigin() // required to set for H2 else H2 Console will be blank.
.cacheControl();
}
@Override
public void configure(WebSecurity web) throws Exception {
// AuthenticationTokenFilter will ignore the below paths
web
.ignoring()
.antMatchers(
HttpMethod.POST,
authenticationPath
)
// allow anonymous resource requests
.and()
.ignoring()
.antMatchers(
HttpMethod.GET,
"/",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js"
)
// Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production)
.and()
.ignoring()
.antMatchers("/h2-console/**/**");
}
}
我的 AbstractAnnotationConfigDispatcherServletInitializer 配置
public class ApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class < ? > [] getRootConfigClasses() {
return new Class[] {
ApplicationConfiguration.class, HibernateConfig.class};
}
@Override
protected Class < ? > [] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] {
"/portal/*"
};
}
}
休眠配置
@Configuration
@EnableTransactionManagement
public class HibernateConfig {
@Autowired
private ApplicationContext context;
@Bean
public LocalSessionFactoryBean getSessionFactory() {
LocalSessionFactoryBean factoryBean = new LocalSessionFactoryBean();
factoryBean.setConfigLocation(context.getResource("classpath:hibernate.cfg.xml"));
factoryBean.setAnnotatedClasses(Employee.class, Authority.class, User.class);
return factoryBean;
}
@Bean
public HibernateTransactionManager getTransactionManager() {
HibernateTransactionManager transactionManager = new HibernateTransactionManager();
transactionManager.setSessionFactory(getSessionFactory().getObject());
return transactionManager;
}
}
解决方案
推荐阅读
- javascript - 如何使用带有 formControlName 的 ion-radio
- angular - 将 Angular2+ 集成到 ASP.Net MVC 4 中的最佳方法
- sql - SQL Server - 使用 ROW_NUMBER() OVER PARTITION 函数设置值
- indexing - 在 Spanner 表中获取数据时面临延迟问题
- apache - 为什么这个mod不重写触发器?(更新:相对和绝对重写路径)
- angular - Angular多次导航到同一个组件
- python - 在 Pytest 上的测试之间更新和共享变量
- c# - 仅在线程运行时运行 ProgressBar
- node.js - 从子进程到 API 的请求导致 ECONNRESET
- ssl - 负载均衡器中的 SSL 证书