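I am currently learning Spring Security and created this configuration file. Somehow, the HTML elements generated by Vaadin are being blocked because of 401 forbidden requests. Does anyone know how to allow Vaadin to generate the views for the permitted pages? For example, "/login" is permitAll() and should be generated without any problems, but for the "/" route the user should be authenticated();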
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    private static final String LOGIN_URL = "/login";
    private static final String LOGOUT_SUCCESS_URL = "/login";
    private static final String LOGIN_PROCESSING_URL = "/login";
    private static final String LOGIN_FAILURE_URL = "/login?error";

    @Autowired
    private UserService userService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .cors().disable()
            .authorizeHttpRequests(auth -> {
                auth.requestMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**").permitAll();
                auth.requestMatchers("/vaadinServlet/UIDL/**").permitAll();
                auth.requestMatchers("/vaadinServlet/HEARTBEAT/**").permitAll();
                auth.requestMatchers("/resources/**").permitAll();
                auth.requestMatchers("/login").permitAll();
                auth.requestMatchers("/api/**").authenticated();
                auth.requestMatchers("/secured").authenticated();
                auth.requestMatchers("/admin").hasRole("ADMIN");
                auth.anyRequest().authenticated(); // Commenting this also doesn't help
            })
            .formLogin(loginForm -> {
                loginForm.loginPage(LOGIN_URL);
                loginForm.loginProcessingUrl(LOGIN_PROCESSING_URL);
                loginForm.failureUrl(LOGIN_FAILURE_URL);
            })
            .logout(logout -> logout.logoutSuccessUrl(LOGOUT_SUCCESS_URL))
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .rememberMe().disable()
            .exceptionHandling()
            .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
        return http.build();
    }

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring()
            .requestMatchers("/resources/**")
            .requestMatchers("/VAADIN/**")
            .requestMatchers("/PUSH/**")
            .requestMatchers("/UIDL/**")
            .requestMatchers("/dev-bundle/**")
            .requestMatchers("/vaadinServlet/**")
            .requestMatchers("/chromewebdata/**")
            .requestMatchers("/images/**")
            .requestMatchers("/icons/**");
    }

    // Rest of beans...
}
```
Please add answers for SpringBoot 6 or above. Thank you very much.
1 answer
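Vaadin provides a helper class for Spring Security configuration. https://vaadin.com/docs/latest/security/enabling-security/#security-configuration-class
If you don't want to or can't use it, take a look at the configuration applied in the VaadinWebSecurity class.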
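
A sketch of what a configuration built on the helper class named in the answer can look like. This is an added example, not code from the question or the answer; it assumes Vaadin 24 with vaadin-spring on Spring Security 6, and `LoginView` and the `/admin` rule are hypothetical.

```java
// SecurityConfig.java (added example; assumes Vaadin 24 with vaadin-spring on Spring Security 6)
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Application-specific rules go before super.configure(http), because
        // the helper ends the rule list with anyRequest().authenticated().
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers(new AntPathRequestMatcher("/admin")).hasRole("ADMIN"));

        // The helper permits Vaadin's internal framework requests and static
        // resources, so no hand-written /VAADIN/** matchers or web.ignoring()
        // list is needed, and CSRF protection does not have to be disabled
        // for the whole application.
        super.configure(http);

        // Form login backed by a Vaadin view (hypothetical LoginView below).
        setLoginView(http, LoginView.class);
    }
}

// LoginView.java (hypothetical view, same package as SecurityConfig)
import com.vaadin.flow.component.login.LoginForm;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.server.auth.AnonymousAllowed;

@Route("login")
@AnonymousAllowed // reachable without authentication, the view-level counterpart of permitAll()
public class LoginView extends VerticalLayout {
    public LoginView() {
        LoginForm form = new LoginForm();
        form.setAction("login"); // posts the credentials to the login processing URL
        add(form);
    }
}
```

With this setup, views without an access annotation are denied by default; a view that any signed-in user may open, such as the one on the "/" route, is annotated with `jakarta.annotation.security.PermitAll`.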