我正在按照一个旧的教程来实现Spring Security。不幸的是,antMatchers
在我的配置类中没有被识别为方法,所以在做了一些研究之后,我相信requestMatchers
方法是它的等价物。但是,路径(/
)仍然被阻止,没有经过身份验证。我希望允许这样做。
这是我的控制器:
package com.quadri.springsecurity.controllers;
import java.util.Arrays;
import java.util.List;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.quadri.springsecurity.models.Student;
@RestController
@RequestMapping("api/v1/students")
public class StudentController {
private static final List<Student> STUDENTS = Arrays.asList(
new Student(1, "James Bond"),
new Student(2, "Maria Jones"),
new Student(3, "Anna Smith")
);
@GetMapping(path = "{studentId}")
public Student getStudent(@PathVariable("studentId") Integer studentId) {
return STUDENTS.stream()
.filter(student -> studentId.equals(student.getStudentId()))
.findFirst()
.orElseThrow(() -> new IllegalStateException("Student " + studentId + " does not exist!"));
}
}
下面是我的配置文件:
package com.quadri.springsecurity.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers( "resources/**", "/").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
return http.build();
}
}
在我的resources/static文件夹中,我创建了一个简单的html页面(index.html
)来显示hello world。在教程中,RequestMapping
没有改变,但是他们在配置文件中使用了.antMatcher
,这在Spring Security中是不可识别的方法,至少在我使用的版本中是这样。以下是我的POM供参考:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.quadri</groupId>
<artifactId>spring-security</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-security</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
确保允许使用home或"/" URL的正确方法是什么?
1条答案
按热度按时间1tuwyuhd1#
您应该在
HttpSecurity
请求匹配器中允许index.html
,因为转到/
会自动重定向到index.html
,并且没有为index.html
定义允许规则以提供身份验证提示。