当启用VaadinWebSecurity扩展的Spring Security Config时,来自服务器的JSON响应无效

7gcisfzg  于 2024-01-05  发布在  Spring
关注(0)|答案(1)|浏览(119)

大家好
我有一个Java项目,使用Vaadin 24.0.3,Sping Boot 3.0.5,Java 17,你可以在this link上看到完整的项目。
这是我在尝试实现SecurityConfig类时遇到的错误:
Invalid JSON response from server: window.Vaadin = window.Vaadin || {};window.Vaadin.VaadinLicenseChecker = { maybeCheck: (productInfo) => { }};window.Vaadin.devTools = window.Vaadin.devTools || {};window.Vaadin.devTools.createdCvdlElements = window.Vaadin.devTools.createdCvdlElements || [];window.Vaadin.originalCustomElementDefineFn = window.Vaadin.originalCustomElementDefineFn || window.customElements.define;window.customElements.define = function (tagName, constructor, ...args) {const { cvdlName, version } = constructor;if (cvdlName && version) { const { connectedCallback } = constructor.prototype; constructor.prototype.connectedCallback = function () { window.Vaadin.devTools.createdCvdlElements.push(this); if (connectedCallback) { connectedCallback.call(this); } }}window.Vaadin.originalCustomElementDefineFn.call(this, tagName, constructor, ...args);}; window.Vaadin = window.Vaadin || {};window.Vaadin.ConsoleErrors = window.Vaadin.ConsoleErrors || [];const browserConsoleError = window.console.error.bind(window.console);console.error = (...args) => { browserConsoleError(...args); window.Vaadin.ConsoleErrors.push(args);};window.onerror = (message, source, lineno, colno, error) => {const location=source+':'+lineno+':'+colno;window.Vaadin.ConsoleErrors.push([message, '('+location+')']);};window.addEventListener('unhandledrejection', e => { window.Vaadin.ConsoleErrors.push([e.reason]);}); window.Vaadin = window.Vaadin || {}; window.Vaadin.developmentMode = true; if (!('CSSLayerBlockRule' in window)) { window.location.search='v-r=oldbrowser'; } window.Vaadin = window.Vaadin || {};window.Vaadin.TypeScript= {}; window.JSCompiler_renameProperty = function(a) { return a;} body, #outlet { height: 100vh; width: 100%; margin: 0; } .v-reconnect-dialog,.v-system-error {position: absolute;color: black;background: white;top: 1em;right: 1em;border: 1px solid black;padding: 1em;z-index: 10000;max-width: calc(100vw - 4em);max-height: calc(100vh - 4em);overflow: auto;} .v-system-error {color: indianred;pointer-events: auto;} .v-system-error h3, .v-system-error b {color: red;} [hidden] { display: none !important; } window.Vaadin = window.Vaadin || {}; window.Vaadin.registrations = window.Vaadin.registrations || []; window.Vaadin.registrations.push({"is":"flow/SpringInstantiator","version":"24.0.3"},{"is":"routing/server","version":"24.0.3"},{"is":"flow/app-dev-bundle","version":"24.0.3"},{"is":"java","version":"17.0.5"});
如果我注解掉方法“setLoginView(http,LoginView.class”,我可以进入我的登录视图页面,但是我的路由都没有像预期的那样工作,因为我收到了以下错误消息-点击它们不起作用,并将我重定向到相同的错误消息:
无法导航到'main'可用路径:admin_panel影院确认/:_url_parameter(requires parameter)主投影注册票此详细消息仅在开发模式下运行时显示。
这是SecurityConfig类

package com.finals.cinema.security;

import com.finals.cinema.view.LoginView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

@Override
protected void configure(HttpSecurity http) throws Exception {
    // Delegating the responsibility of general configurations
    // of http security to the super class. It's configuring
    // the followings: Vaadin's CSRF protection by ignoring
    // framework's internal requests, default request cache,
    // ignoring public views annotated with @AnonymousAllowed,
    // restricting access to other views/endpoints, and enabling
    // ViewAccessChecker authorization.
    // You can add any possible extra configurations of your own
    // here (the following is just an example):

    // http.rememberMe().alwaysRemember(false);

    // Configure your static resources with public access before calling
    // super.configure(HttpSecurity) as it adds final anyRequest matcher
    //        http.authorizeHttpRequests().requestMatchers(new AntPathRequestMatcher("/*"))
    //                .permitAll();

    super.configure(http);

    // This is important to register your login view to the
    // view access checker mechanism:
    //        setLoginView(http, LoginView.class);
}

@Override
public void configure(WebSecurity web) throws Exception {
    // Customize your WebSecurity configuration.
    super.configure(web);
}

/**
 * Demo UserDetailsManager which only provides two hardcoded
 * in memory users and their roles.
 * NOTE: This shouldn't be used in real world applications.
 */
@Bean
public UserDetailsManager userDetailsService() {
    UserDetails user =
            User.withUsername("user")
                    .password("{noop}user")
                    .roles("USER")
                    .build();
    UserDetails admin =
            User.withUsername("admin")
                    .password("{noop}admin")
                    .roles("ADMIN")
                    .build();
    return new InMemoryUserDetailsManager(user, admin);
}
}

字符串
到目前为止,我所尝试的:

setLoginView(http, LoginView.class);
setLoginView(http, "");
setLoginView(http, "/");


setLoginView(http,MainView.class)-应用程序的工作方式就像没有配置安全性,并且所有路由都是公开可用的/无需登录。
编辑:这是Spring Security的调试日志。

2023-06-20T22:53:26.208+03:00 DEBUG 18424 --- [nio-8888-exec-1] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/dev-bundle/VAADIN/build/FlowClient-e0ae8105.js
2023-06-20T22:53:26.289+03:00 DEBUG 18424 --- [nio-8888-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /VAADIN/themes/flowcrmtutorial/styles.css
2023-06-20T22:53:26.289+03:00 DEBUG 18424 --- [nio-8888-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-06-20T22:53:26.290+03:00 DEBUG 18424 --- [nio-8888-exec-2] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/themes/flowcrmtutorial/styles.css
2023-06-20T22:53:26.297+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.security.web.FilterChainProxy        : Securing POST /?v-r=uidl&v-uiId=3
2023-06-20T22:53:26.444+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.s.a.dao.DaoAuthenticationProvider    : Failed to find user ''
2023-06-20T22:53:26.446+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.s.web.DefaultRedirectStrategy        : Redirecting to /?error
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.security.web.FilterChainProxy        : Securing GET /?error
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.security.web.FilterChainProxy        : Secured GET /?error

spring

1条答案

按热度按时间
7xzttuei

7xzttuei1#

虽然这并没有解释为什么会发生这种情况。使用setLoginView(http, "/ ");似乎解决了这个问题(在loginView url后添加空格)。

赞(0)分享  回复(0)举报  2024-01-05
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com