总是得到403 Forbidden错误,即使它应该返回404 Not错误(Java Spring应用程序问题)

de90aj5v  于 2024-01-05  发布在  Spring
关注(0)|答案(1)|浏览(321)

我遇到了Java 17 Spring Maven应用程序的问题,因为当我测试我的代码时,它总是在Postman中返回403 Forbidden状态。我在securityFilterChain()方法中找到了问题,但我不确定如何解决这个问题。

  1. @Configuration
  2. @EnableWebSecurity
  3. @RequiredArgsConstructor
  4. public class SecurityConfiguration {
  5. private final JwtAuthenticationFilter jwtAuthFilter;
  6. private final AuthenticationProvider authenticationProvider;
  7. @Bean
  8. public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
  9. http
  10. .authorizeHttpRequests(auth -> auth
  11. .requestMatchers("/api/v1/city/**").permitAll()
  12. .requestMatchers("/api/v1/auth/**").permitAll()
  13. .anyRequest().authenticated()
  14. )
  15. .csrf(AbstractHttpConfigurer::disable)
  16. .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
  17. .authenticationProvider(authenticationProvider)
  18. .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
  19. return http.build();
  20. }
  21. }

字符串
有没有人遇到过类似的问题。
先谢谢你了!
当我禁用:.authenticationProvider(authenticationProvider) .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);.requestMatchers("/api/v1/city/**").permitAll() .requestMatchers("/api/v1/auth/**").permitAll()然后它给出正确的响应,但然后我dissable JWT身份验证
Example of problem
Example of problem

laawzig2

laawzig21#

您正在被重定向到/error页面,该页面由spring-security保护。因此您应该允许它
添加

  1. .requestMatchers("/error").permitAll()

字符串

相关问题