时间戳

首页 > 解决方案 > SpringBoot 公共匹配器

java - SpringBoot 公共匹配器

问题描述

我有一个带有此映射的 Spring Boot 应用程序:

@GetMapping(value = {  "/",  })
public String home(Model model) {
}

重定向到/但不是

localhost:8080/...

WebSecurityConfig我唯一的公共匹配器中是这个:/

我想限制访问localhost:8080/.localhost:8080/..

这里:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final UserSecurityService userSecurityService;
    private final Environment env;

    private static final String SALT = "fd&l23j§sfs23#$1*(_)nof";

    public WebSecurityConfig(UserSecurityService userSecurityService, Environment env) {
        this.userSecurityService = userSecurityService;
        this.env = env;
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes()));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter();
        encodingFilter.setEncoding("UTF-8");
        encodingFilter.setForceEncoding(true);

        http.addFilterBefore(encodingFilter, CsrfFilter.class);
    
        http.csrf().disable();
    
        http
            .authorizeRequests()
                .antMatchers(publicMatchers()).permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login.html")
                .defaultSuccessUrl("/advertise.html")
                .failureUrl("/login.html?error").permitAll()
                .and()
            .logout()
                .permitAll()
                .and()
            .rememberMe()
                .key("uniqueAndSecret");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth
            .userDetailsService(userSecurityService)
                .passwordEncoder(passwordEncoder());
    }

    private String[] publicMatchers() {

        final String[] PUBLIC_MATCHERS = {
                "/webjars/**",
                "/css/**",
                "/fonts/**",
                "/images/**",
                "/img/**",
                "/js/**",
                "/home.html",
                "/links/**",
                "/links.html",
                "/favicon.ico",
                "/forgotmypassword.html",
                "/directory/**",
                "/",
                "/error/**/*",
                "/h2-console/**",
                ForgotMyPasswordController.FORGOT_PASSWORD_URL_MAPPING,
                ForgotMyPasswordController.CHANGE_PASSWORD_PATH
        };

        return PUBLIC_MATCHERS;
    }
}

标签: javaspringspring-bootspring-mvcspring-security

解决方案

我做了一个和你类似的简单例子。我正在使用 curl(不是 Web 浏览器)进行测试,结果如下:

  • localhost:8080/. 内部服务器错误。

在服务器中抛出这个异常:org.springframework.security.web.firewall.RequestRejectedException: The request was denied because the URL was not normalized。

  • localhost:8080/.. 错误的请求

似乎嵌入式 tomcat 给了你这个响应。我尝试添加一个全局错误控制器,我可以在春天得到错误

  • localhost:8080/...未找到端点

这是因为我没有此类端点“/ ...”的任何映射

我认为您的浏览器实际上是在请求localhost:8080/您键入时localhost:8080/.localhost:8080/..您的spring boot 应用程序没有重定向

推荐阅读