Vaadin 24 resources to bypass Spring Security

vjrehmav posted on 2023-05-07 in Spring

For Vaadin 14, there is documentation that clearly states which Vaadin resources should be added to the configuration to bypass Spring Security: https://vaadin.com/docs/v14/flow/tutorial/login-and-authentication

  /**
   * Allows access to static resources, bypassing Spring Security.
   */
  @Override
  public void configure(WebSecurity web) {
    web.ignoring().antMatchers(
        // Client-side JS
        "/VAADIN/**",

        // the standard favicon URI
        "/favicon.ico",

        // the robots exclusion standard
        "/robots.txt",

        // web application manifest
        "/manifest.webmanifest",
        "/sw.js",
        "/offline.html",

        // icons and images
        "/icons/**",
        "/images/**",
        "/styles/**",

        // (development mode) H2 debugging console
        "/h2-console/**");
  }

I can't find the same information for Vaadin 24.
This is my current configuration:

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);

        web.ignoring().requestMatchers(
                "/session-expired",
                "/images/*",
                "/login",
                "/favicon.ico",
                "/favicon-notification.ico",
                "/offline.html",
                "/offline-stub.html",
                "/sw-runtime-resources-precache.js",
                "/robots.txt");
    }

What else needs to be added for Vaadin 24 to work properly? Do I need to add anything else here, for example:

"/VAADIN/**",
"/sw.js",

or something else?

balp4ylt1#

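You can extend the VaadinWebSecurity class, which sets up the rules a Vaadin application needs.
https://vaadin.com/docs/latest/security/enabling-security/#security-configuration-class
If for some reason you can't extend it, look at its code to see what it configures.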
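
A sketch of the approach this answer describes, added here as an example and not part of the original answer or of Vaadin's own code. `SecurityConfig` and `LoginView` are assumed names, and the permitted paths are taken from the question's configuration.

```java
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // List only the application's own public resources here.
        // permitAll() keeps these requests inside the security filter chain
        // (security headers, SecurityContext), whereas web.ignoring() skips
        // the chain entirely for the matched paths.
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers(
                        new AntPathRequestMatcher("/images/*"),
                        new AntPathRequestMatcher("/robots.txt"),
                        new AntPathRequestMatcher("/favicon-notification.ico"))
                .permitAll());

        // Call super after the application's matchers: the base class adds
        // the rules for Vaadin's framework requests and anonymous views and
        // then restricts every remaining request to authenticated users.
        // No explicit "/VAADIN/**" entry is listed in this class.
        super.configure(http);

        // LoginView is an assumed @Route("login") view in the application.
        // Registering it here makes the login route reachable without
        // authentication, so "/login" does not belong in an ignoring() list.
        setLoginView(http, LoginView.class);
    }
}
```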

gxwragnw2#

You should wrap your paths in AntPathRequestMatcher objects. This is my working configuration for Vaadin 24 Flow:

/**
 * @see VaadinWebSecurity#configure(HttpSecurity)
 */
@Override
protected void configure(@NotNull final HttpSecurity http) throws Exception {
    http.authorizeHttpRequests().requestMatchers(
            // Client-side JS
            new AntPathRequestMatcher("/VAADIN/**"),

            // the standard favicon URI
            new AntPathRequestMatcher("/favicon.ico"),

            // the robots exclusion standard
            new AntPathRequestMatcher("/robots.txt"),

            // web application manifest
            new AntPathRequestMatcher("/manifest.webmanifest"),
            new AntPathRequestMatcher("/sw.js"),
            new AntPathRequestMatcher("/offline.html"),

            // icons and images
            new AntPathRequestMatcher("/icons/**"),
            new AntPathRequestMatcher("/images/**"),
            new AntPathRequestMatcher("/styles/**"),

            // (development mode) H2 debugging console
            new AntPathRequestMatcher("/h2-console/**")
    ).permitAll();

    super.configure(http);

    setLoginView(http, LoginView.class, LOGOUT_URL);
}
