在同一调试期间拒绝匿名+已验证用户的访问

k10s72fa  于 2021-07-08  发布在  Java
关注(0)|答案(0)|浏览(191)

如何为基本路径URL正常验证用户身份?

@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/version", "/sso/**", "/tenants**", "/static/*", "/login");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
                .csrf().disable()
                .authorizeRequests().antMatchers(Api.Private.BASE_PATH + "/**").authenticated().and().httpBasic()
                .and().authorizeRequests().antMatchers(Api.BASE_PATH + "/**").authenticated()
                .anyRequest().authenticated();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

在调试期间,我在securitycontextimpl中看到用户

details = {SimpleKeycloakAccount@11046} 
 roles = {HashSet@11048}  size = 3"

但在同一次运行中,匿名身份验证失败

public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
//
        boolean granted = ExpressionUtils.evaluateAsBoolean(webExpressionConfigAttribute.getAuthorizeExpression(), ctx);
        if (granted) {
            return ACCESS_GRANTED;
        }
        this.logger.trace("Voted to deny authorization");
        return ACCESS_DENIED;
    }

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题