我有一个spring boot应用程序,Map如下:
@GetMapping(value = { "/", })
public String home(Model model) {
}和 localhot:8080 , localhost:8080/ , localhost:8080/. , localhost:8080/.. 重定向到 / 但不是
localhost:8080/...而在 WebSecurityConfig 我只有一个公开的匹配者: / .
我想限制 localhost:8080/. 以及 localhost:8080/.. 在这里:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserSecurityService userSecurityService;
private final Environment env;
private static final String SALT = "fd&l23j§sfs23#$1*(_)nof";
public WebSecurityConfig(UserSecurityService userSecurityService, Environment env) {
this.userSecurityService = userSecurityService;
this.env = env;
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes()));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter();
encodingFilter.setEncoding("UTF-8");
encodingFilter.setForceEncoding(true);
http.addFilterBefore(encodingFilter, CsrfFilter.class);
http.csrf().disable();
http
.authorizeRequests()
.antMatchers(publicMatchers()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.defaultSuccessUrl("/advertise.html")
.failureUrl("/login.html?error").permitAll()
.and()
.logout()
.permitAll()
.and()
.rememberMe()
.key("uniqueAndSecret");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userSecurityService)
.passwordEncoder(passwordEncoder());
}
private String[] publicMatchers() {
final String[] PUBLIC_MATCHERS = {
"/webjars/**",
"/css/**",
"/fonts/**",
"/images/**",
"/img/**",
"/js/**",
"/home.html",
"/links/**",
"/links.html",
"/favicon.ico",
"/forgotmypassword.html",
"/directory/**",
"/",
"/error/**/*",
"/h2-console/**",
ForgotMyPasswordController.FORGOT_PASSWORD_URL_MAPPING,
ForgotMyPasswordController.CHANGE_PASSWORD_PATH
};
return PUBLIC_MATCHERS;
}
}
1条答案
按热度按时间gywdnpxw1#
我举了一个和你相似的简单例子。我正在用curl(不是web浏览器)进行测试,结果如下:
localhost:8080/.内部服务器错误。此异常在服务器中引发:org.springframework.security.web.firewall.requestrejectedexception:请求被拒绝,因为url未规范化。
localhost:8080/..错误的请求似乎嵌入的tomcat给了您这样的响应。我尝试添加一个全局错误控制器,我可以在spring中得到错误
localhost:8080/...找不到终结点这是exepced,因为我没有这样的端点“/”的任何Map
我认为你的浏览器实际上要求
localhost:8080/当你打字的时候localhost:8080/.或者localhost:8080/..你的spring boot应用程序没有重定向