spring-security - 非 Springboot 应用程序的 Spring 安全性不起作用
问题描述
我试图在 Spring 4 中为我的端点启用基本身份验证。但它似乎没有做任何事情。
任何想法?
如果我放了一个断点,我只能看到配置方法在服务器启动时被调用。
package org.example;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@Validated
public class MyController {
@RequestMapping(value = "/health")
public String health() {
return "OK";
}
@RequestMapping(value = "/getdata")
public String getData() {
return "data";
}
}
package org.example;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class BasicAuthConfig extends WebSecurityConfigurerAdapter {
// Authentication : User --> Roles
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication()
.withUser("appuser")
.password("{noop}apipassword")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//HTTP Basic authentication
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/rest/**").hasRole("USER")
.antMatchers(HttpMethod.POST, "/cxf/**").hasRole("USER")
.and()
.csrf().disable()
.formLogin().disable();
}
}
我的 web.xml
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>cxf</servlet-name>
<display-name>CXF Servlet</display-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>101</load-on-startup>
<init-param>
<param-name>use-x-forwarded-headers</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>rest</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>103</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>rest</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cxf</servlet-name>
<url-pattern>/cxf/*</url-pattern>
</servlet-mapping>
</web-app>
http://localhost:8080/TestWeb3/rest/health 无需身份验证仍可访问
解决方案
事实证明我需要在 web.xml 中连接一个安全过滤器,如下所示
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
推荐阅读
- python - 如何将每个打印语句的输出传递到 tkinter?
- javascript - Next.js 应用程序在开发中工作,但在构建和部署期间失败
- javascript - 无法运行 forEach()
- node.js - 语法错误:意外的令牌 =
- html - 圆形 div 在较小尺寸上显示边缘
- jquery - 当动态div的高度大于1000px时,Jquery显示/隐藏div
- vue.js - Filepond mixed content error in production
- wordpress - How to reverse Wordpress date feed in twig / timber?
- game-maker - Game Maker WASD 和方向键平滑旋转?
- python - how to improve the calculation speed str to float