Spring Security 6:401未经授权的请求

pgpifvop  于 11个月前  发布在  Spring
关注(0)|答案(1)|浏览(217)

我有这样的安全配置:

package io.chernikov.registerme.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Security configuration class.
 *
 * @author Serhii Chernikov
 * @version 1.0
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .cors(AbstractHttpConfigurer::disable)
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(authorization -> {
                    authorization.requestMatchers("/registration/**").permitAll();
                })
                .authorizeHttpRequests(authorization -> {
                    authorization.requestMatchers("/users/**")
                            .hasAnyAuthority("USER", "ADMIN");
                })
                .httpBasic(Customizer.withDefaults())
                .formLogin(Customizer.withDefaults())
                .build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

字符串
以下是我的RegistrationController

package io.chernikov.registerme.registration.controller;

import io.chernikov.registerme.event.RegistrationCompleteEvent;
import io.chernikov.registerme.registration.model.RegistrationRequest;
import io.chernikov.registerme.user.model.User;
import io.chernikov.registerme.user.service.UserService;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.web.bind.annotation.*;

/**
 * Registration REST controller implementation class.
 *
 * @author Serhii Chernikov
 * @version 1.0
 */
@RequiredArgsConstructor
@RestController
@RequestMapping(path = "/registration")
public class RegistrationController {

    private final UserService userService;
    private final ApplicationEventPublisher eventPublisher;

    @PostMapping(path = "/")
    public User register(@RequestBody RegistrationRequest request, final HttpServletRequest servletRequest) {
        User user = userService.registerUser(request);
        eventPublisher.publishEvent(new RegistrationCompleteEvent(user, getApplicationUrl(servletRequest)));

        return user;
    }

    @GetMapping(path = "/verification")
    public String verify(@RequestParam String token) {
        return null; // TODO: implement this
    }

    private String getApplicationUrl(HttpServletRequest request) {
        return String.format("http://%s:%s%s", request.getServerName(),
                                               request.getServerPort(),
                                               request.getContextPath());
    }

}


当我启动应用程序并尝试在http://localhost:8080/registration上发送POST请求时,我得到了401: Unauthorized响应(尽管在我看来,我允许未经授权的请求到/registration/**)。
也许我在配置中做错了什么?

2nc8po8w

2nc8po8w1#

未找到匹配项。使用默认入口点org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
在您的控制器中,路径与请求的端点不匹配。请删除路径中的斜杠以匹配端点:http://localhost:8080/registration

@PostMapping()
    public User register(@RequestBody RegistrationRequest request, final HttpServletRequest servletRequest) {}

字符串
您可以保留代码,但必须使用此端点:http://localhost:8080/registration/

相关问题