java - Spring Security 认证成功后返回 403
问题描述
我试图允许用户通过登录页面以及 API 调用进行身份验证。我曾经让它工作过,但是在弄乱了代码之后,我不记得我让一件事工作是否会导致其他事情发生故障。登录页面工作正常,但通过使用 curl 调用端点给我一个 403 错误。这发生在 AuthenticationFilter 中的 chain.doFilter() 中。
卷曲声明:
curl -XPOST "http:/localhost:8080/api/dothis" -H "accept: application/json" -F 'data=@path/to/cert'
MultipleSecurityConfig.java
@EnableWebSecurity
@Order(1)
public class MultipleSecurityConfig {
@Order(2)
@Configuration
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.antMatcher("/api/**").authorizeRequests()
.anyRequest().authenticated()
.and()
.addFilterBefore(new AuthenticationFilter(), BasicAuthenticationFilter.class);
}
}
@Configuration
public class LoginSecurityConfig extends WebSecurityConfigurerAdapter {
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
String[] permitted = {
"/login",
"/error",
"/images/**"
};
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers(permitted).permitAll()
.anyRequest().authenticated()
.and()
.oauth2Login()
.loginPage("/login")
.defaultSuccessUrl("/swagger-ui.html", true)
.and()
.logout()
.clearAuthentication(true)
.logoutUrl("/logout")
.logoutSuccessUrl("/login").permitAll()
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
}
}
}
AuthenticationFilter.java
//optional default is POST
con.setRequestMethod("POST");
//add request header
con.setRequestProperty("Content-Type","application/json");
con.setRequestProperty("User-Agent", USER_AGENT);
System.out.println("\nSending 'POST' request to URL : " + URL);
con.setDoOutput(true);
con.setDoInput(true);
int responseCode = con.getResponseCode();
try( DataOutputStream wr = new DataOutputStream(con.getOutputStream())) {
wr.write(postData);
} catch(Exception e){
System.out.println(e.getMessage());
}
StringBuffer result = new StringBuffer();
System.out.println("Response Code : " + responseCode);
if (responseCode == HttpsURLConnection.HTTP_OK) {
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
result.append(inputLine);
}
in.close();
}
else {
System.out.println("Error creating HTTPS connection");
System.out.println("Response Code: " + responseCode + ", Response Message: " + con.getResponseMessage());
result = null;
}
if(result.toString().contains("\"successful\": true")) {
http_response.setStatus(HttpServletResponse.SC_OK);
chain.doFilter(request, response);
}
解决方案
推荐阅读
- javascript - 在javascript中重定向网页
- html - 为什么列和换行中的 flexbox 被破坏
- java - 如何使用电报 api 从 chatid 中保存 id
- typeerror - TypeError:无法解压不可迭代的 int 对象以进行数据集扩充
- node.js - 尝试代理 websocket 并且在 setupProxy 中未建立连接
- reactjs - react-native 类组件中的替代 useState
- pytorch - 如何在 PyTorch 中获得组合网络的正确梯度?
- javascript - 一些图标点击监听器在 JavaScript 中可以正常工作,而另一些则不是很奇怪
- python - 不同 ID 的 Ngram,显示在一行中
- php - 如何在 Laravel / Lumen 8 的控制器中获取控制器和动作名称?