Spring Security: Vaadin not generating HTML due to security configuration

cwtwac6a  posted on 2023-08-05 in Spring

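Currently, I am learning Spring Security and created this configuration file.
Somehow, the HTML elements generated by Vaadin are blocked due to 401 forbidden requests. Does anyone know how to allow Vaadin to generate views for the permitted pages? For example, "/login" is permitAll() and should be generated without any problem, but for the "/" route the user should be authenticated();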

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    private static final String LOGIN_URL = "/login";
    private static final String LOGOUT_SUCCESS_URL = "/login";
    private static final String LOGIN_PROCESSING_URL = "/login";
    private static final String LOGIN_FAILURE_URL = "/login?error";

    @Autowired
    private UserService userService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .cors().disable()
                .authorizeHttpRequests(auth -> {
                    auth.requestMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**").permitAll();
                    auth.requestMatchers("/vaadinServlet/UIDL/**").permitAll();
                    auth.requestMatchers("/vaadinServlet/HEARTBEAT/**").permitAll();
                    auth.requestMatchers("/resources/**").permitAll();
                    auth.requestMatchers("/login").permitAll();
                    auth.requestMatchers("/api/**").authenticated();
                    auth.requestMatchers("/secured").authenticated();
                    auth.requestMatchers("/admin").hasRole("ADMIN");
                    auth.anyRequest().authenticated(); // Commenting this also doesn't help
                })
                .formLogin(loginForm -> {
                    loginForm.loginPage(LOGIN_URL);
                    loginForm.loginProcessingUrl(LOGIN_PROCESSING_URL);
                    loginForm.failureUrl(LOGIN_FAILURE_URL);
                })
                .logout(logout -> logout.logoutSuccessUrl(LOGOUT_SUCCESS_URL))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .rememberMe().disable()
                .exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));

        return http.build();
    }

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring()
                .requestMatchers("/resources/**")
                .requestMatchers("/VAADIN/**")
                .requestMatchers("/PUSH/**")
                .requestMatchers("/UIDL/**")
                .requestMatchers("/dev-bundle/**")
                .requestMatchers("/vaadinServlet/**")
                .requestMatchers("/chromewebdata/**")
                .requestMatchers("/images/**")
                .requestMatchers("/icons/**");
    }

    // Rest of beans...
}

Please add an answer for SpringBoot 6 or above. Thank you very much.

atmip9wb1#

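Vaadin provides a helper class for Spring Security configuration. https://vaadin.com/docs/latest/security/enabling-security/#security-configuration-class
If you don't want to / can't use it, take a look at the configuration applied in the VaadinWebSecurity class.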
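
The approach from the answer above, sketched as an added example (not code from the original post or from the Vaadin project): the question's `SecurityConfig` rewritten to extend `VaadinWebSecurity`, keeping its `/api/**` and `/admin` rules. `LoginView` is a hypothetical Vaadin view assumed to exist in the same package, mapped to `/login` and annotated with `@AnonymousAllowed`.

```java
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Application-specific rules go BEFORE super.configure(http),
        // because the helper adds the final anyRequest matcher.
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers(new AntPathRequestMatcher("/api/**")).authenticated()
                .requestMatchers(new AntPathRequestMatcher("/admin")).hasRole("ADMIN"));

        // Permits Vaadin's framework-internal requests and static resources,
        // and keeps CSRF protection enabled for everything else, so no
        // hand-written /VAADIN/** or /UIDL/** matchers and no web.ignoring()
        // list are needed.
        super.configure(http);

        // Registers the login view (hypothetical LoginView class) and sets up
        // form login plus the redirect for unauthenticated navigation.
        setLoginView(http, LoginView.class);

        // Deliberately absent compared with the question's config:
        // SessionCreationPolicy.STATELESS and the 401 HttpStatusEntryPoint.
        // Vaadin Flow keeps UI state in the HTTP session, and form login needs
        // the session to remember the authenticated user between requests.
    }
}
```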
