我有这样的安全配置:
package io.chernikov.registerme.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
/**
* Security configuration class.
*
* @author Serhii Chernikov
* @version 1.0
*/
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.cors(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(authorization -> {
authorization.requestMatchers("/registration/**").permitAll();
})
.authorizeHttpRequests(authorization -> {
authorization.requestMatchers("/users/**")
.hasAnyAuthority("USER", "ADMIN");
})
.httpBasic(Customizer.withDefaults())
.formLogin(Customizer.withDefaults())
.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}字符串
以下是我的RegistrationController:
package io.chernikov.registerme.registration.controller;
import io.chernikov.registerme.event.RegistrationCompleteEvent;
import io.chernikov.registerme.registration.model.RegistrationRequest;
import io.chernikov.registerme.user.model.User;
import io.chernikov.registerme.user.service.UserService;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.web.bind.annotation.*;
/**
* Registration REST controller implementation class.
*
* @author Serhii Chernikov
* @version 1.0
*/
@RequiredArgsConstructor
@RestController
@RequestMapping(path = "/registration")
public class RegistrationController {
private final UserService userService;
private final ApplicationEventPublisher eventPublisher;
@PostMapping(path = "/")
public User register(@RequestBody RegistrationRequest request, final HttpServletRequest servletRequest) {
User user = userService.registerUser(request);
eventPublisher.publishEvent(new RegistrationCompleteEvent(user, getApplicationUrl(servletRequest)));
return user;
}
@GetMapping(path = "/verification")
public String verify(@RequestParam String token) {
return null; // TODO: implement this
}
private String getApplicationUrl(HttpServletRequest request) {
return String.format("http://%s:%s%s", request.getServerName(),
request.getServerPort(),
request.getContextPath());
}
}型
当我启动应用程序并尝试在http://localhost:8080/registration上发送POST请求时,我得到了401: Unauthorized响应(尽管在我看来,我允许未经授权的请求到/registration/**)。
也许我在配置中做错了什么?
1条答案
按热度按时间2nc8po8w1#
未找到匹配项。使用默认入口点org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
在您的控制器中,路径与请求的端点不匹配。请删除路径中的斜杠以匹配端点:http://localhost:8080/registration
字符串
您可以保留代码,但必须使用此端点:http://localhost:8080/registration/