Spring MVC Spring Security 6访问公共URL问题

snz8szmq 于 2023-08-06 发布在 Spring

关注(0)|答案(1)|浏览(188)

我使用的是spring 3.0.5和spring security 6.0.2版本，面临着访问我通过SecurityFilterChain配置的公共URL的问题，我使用的是spring MVC。AppConfig类如下

package com.test.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class AppConfig {

    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http.csrf(csrf -> csrf.disable()).authorizeHttpRequests(
                auth -> auth.requestMatchers("/home").permitAll().anyRequest().authenticated());

        return http.build();
    }

}

字符串
基本控制器如下

package com.test.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class BasicController {

    @GetMapping("/home")
    public String showHome(Model model) {

        model.addAttribute("title", "Home Page");

        return "guest/home";
    }

    @GetMapping("/login")
    public String showLogin(Model model) {

        model.addAttribute("title", "Login Page");
        return "guest/loginPage";
    }

    @GetMapping("/user/index")
    public String getUserHome(Model model) {

        model.addAttribute("title", "User Home");

        return "user/home";
    }

}

型
application.properties文件是

server.port=8100

spring.security.user.name=abcd
spring.security.user.password=xyz

logging.level.org.springframework.security=DEBUG

型
下面是我的HTML页面，位于templates -> guest -> home中，我还有一个我没有提到的基类。

<!doctype html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
    th:replace="guest/base::layout(~{::section})">
<head>
<meta charset="UTF-8" />
<title>Home Page</title>
</head>
<body>
    <section>
        <span>I am in home page.</span>
    </section>
</body>
</html>

型
最后，我得到以下错误，当我击中localhost：8100/家

[2m2023-04-01T06:18:27.012+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Securing GET /home
[2m2023-04-01T06:18:27.013+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Secured GET /home
[2m2023-04-01T06:18:27.015+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Securing GET /guest/home
[2m2023-04-01T06:18:27.015+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.s.w.a.AnonymousAuthenticationFilter [0;39m [2m:[0;39m Set SecurityContextHolder to anonymous SecurityContext
[2m2023-04-01T06:18:27.016+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.s.w.s.HttpSessionRequestCache       [0;39m [2m:[0;39m Saved request http://localhost:8100/guest/home?continue to session
[2m2023-04-01T06:18:27.016+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.s.w.a.Http403ForbiddenEntryPoint    [0;39m [2m:[0;39m Pre-authenticated entry point called. Rejecting access
[2m2023-04-01T06:18:27.016+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Securing GET /error
[2m2023-04-01T06:18:27.017+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.s.w.a.AnonymousAuthenticationFilter [0;39m [2m:[0;39m Set SecurityContextHolder to anonymous SecurityContext
[2m2023-04-01T06:18:27.017+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.s.w.s.HttpSessionRequestCache       [0;39m [2m:[0;39m Saved request http://localhost:8100/error?continue to session
[2m2023-04-01T06:18:27.017+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-1][0;39m [36mo.s.s.w.a.Http403ForbiddenEntryPoint    [0;39m [2m:[0;39m Pre-authenticated entry point called. Rejecting access
[2m2023-04-01T06:18:27.255+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Securing GET /home
[2m2023-04-01T06:18:27.256+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Secured GET /home
[2m2023-04-01T06:18:27.257+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Securing GET /guest/home
[2m2023-04-01T06:18:27.257+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.s.w.a.AnonymousAuthenticationFilter [0;39m [2m:[0;39m Set SecurityContextHolder to anonymous SecurityContext
[2m2023-04-01T06:18:27.258+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.s.w.s.HttpSessionRequestCache       [0;39m [2m:[0;39m Saved request http://localhost:8100/guest/home?continue to session
[2m2023-04-01T06:18:27.258+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.s.w.a.Http403ForbiddenEntryPoint    [0;39m [2m:[0;39m Pre-authenticated entry point called. Rejecting access
[2m2023-04-01T06:18:27.258+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m Securing GET /error
[2m2023-04-01T06:18:27.259+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.s.w.a.AnonymousAuthenticationFilter [0;39m [2m:[0;39m Set SecurityContextHolder to anonymous SecurityContext
[2m2023-04-01T06:18:27.259+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.s.w.s.HttpSessionRequestCache       [0;39m [2m:[0;39m Saved request http://localhost:8100/error?continue to session
[2m2023-04-01T06:18:27.259+05:30[0;39m [32mDEBUG[0;39m [35m16852[0;39m [2m---[0;39m [2m[nio-8100-exec-2][0;39m [36mo.s.s.w.a.Http403ForbiddenEntryPoint    [0;39m [2m:[0;39m Pre-authenticated entry point called. Rejecting access

型
我希望当我击中公共网址是permitAll在安全过滤器链，他们应该是可访问的。

spring-mvc

来源：https://stackoverflow.com/questions/75903668/spring-security-6-accessing-public-urls-issue

1条答案

按热度按时间

ej83mcc01#

在Spring Security 6中，Authorization过滤器适用于每个分派类型。即DispatcherType.ERROR，DispatcherType.ASYNC，为了禁用对上述调度程序类型的过滤，
像这样更新：

http.csrf(csrf -> csrf
         .disable())
        .authorizeHttpRequests(auth ->  auth
        .requestMatchers("/home")
        .permitAll()
        .dispatcherTypeMatchers(DispatcherType.ERROR)
        .permitAll()
        .anyRequest()
        .authenticated());

字符串

赞(0）回复(0）举报 2023-08-06

我来回答

Spring MVC Spring Security 6访问公共URL问题

1条答案

相关问题

热门标签

最新问答