我正在使用 Spring Boot 和安全与Kotlin与maven。这是我的SecurityFilterChain
@Bean
fun securityFilterChainDSL(http: HttpSecurity): SecurityFilterChain {
http {
cors { disable() }
csrf { disable() }
exceptionHandling { authenticationEntryPoint = unauthorizedHandler }
//httpBasic {}
authorizeRequests {
authorize("/api/v1/auth/**", permitAll)
authorize("/api/v1/swagger/**", permitAll)
authorize("/swagger**/**", permitAll)
authorize("/h2-console**/**", permitAll)
authorize(matches = anyRequest, access = authenticated)
}
sessionManagement { sessionCreationPolicy = SessionCreationPolicy.STATELESS }
headers { frameOptions { disable() } }
addFilterBefore<UsernamePasswordAuthenticationFilter>(filter = jwtAuthenticationFilter)
}
return http.build()
}
字符串
我无法允许h2控制台如下;http://localhost:8080/h2-console/login.jsp?jsessionid=3daf979688385fbfb46a7df556f61282
个
但是当我用传统的方式:)效果很好。
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain =
http
.cors { it.disable() }
.csrf { it.disable() }
.exceptionHandling {
it.authenticationEntryPoint(unauthorizedHandler)
}
.authorizeHttpRequests {
it
.requestMatchers(AntPathRequestMatcher("/api/v1/auth/**")).permitAll()
.requestMatchers(AntPathRequestMatcher("/api/v1/swagger/**")).permitAll()
.requestMatchers(AntPathRequestMatcher("/swagger**/**")).permitAll()
.requestMatchers(AntPathRequestMatcher("/h2-console**/**")).permitAll()
.anyRequest().authenticated()
}
.sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
.headers { it.frameOptions { foc -> foc.disable() } }
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
.build()
型
我看不出有什么不同,甚至在文件。
x1c 0d1x的数据
1条答案
按热度按时间qhhrdooz1#
好吧,我想出来了,更新了h2控制台匹配器和工作以下的数据库;
字符串
完整的bean定义是;
型