Spring Boot Security:在Windows中有效,但不适用于Docker / Alpine

scu*_*ker 5 java spring docker spring-boot

我有一个庞大的旧式定制CMS,需要移植到Docker。它最初是作为Tomcat 6 / Ubuntu 14中的WAR部署的,但是我(很有耐心)设法使它作为独立的JAR运行(根据公司要求)。该代码(与所有旧项目一样)很丑陋且笨拙。

这在我的Windows机器上运行良好(足够好):

mvn clean install && java -jar target/appname-1.0.12-SNAPSHOT.jar --spring.profiles.active=qa
Run Code Online (Sandbox Code Playgroud)

这样,我便可以运行一个实例,如果我在浏览器中加载该实例,则可以授予我未经授权的权限访问多个页面,并需要其他用户登录。基本上是功能齐全的版本。

我在Alpine上看到的症状(以及在OSX上的简短运行)如下:

  • Spring Boot执行器端点按预期方式工作(在文件夹下/actuator
  • 已明确列入白名单的任何其他端点都给出404。
  • 所有未列入白名单302的端点都按预期方式重定向到登录页面,但是其本身却给出404找不到。

我将发布整个POM(带有删节的部分)和整个扩展的类WebSecurityConfigurerAdapter,即使它们很长-我对此表示歉意,但是可能更清晰的眼光会吸引一些明显的东西。

主应用程序类非常空,并带有@SpringBootApplication和注释。@ComponentScan

扩展WebSecurityConfigurerAdapter的类:

package com.REDACTED.app.config;

import com.REDACTED.app.authentication.AjaxAwareLoginUrlAuthenticationEntryPoint;
import com.REDACTED.app.authentication.CmsPermissionEvaluator;
import com.REDACTED.app.authentication.REDACTEDRedeemAuthenticationProvider;
import com.REDACTED.app.authentication.REDACTEDRetrievalFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration
    .WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.authentication.*;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    public static final String LOGIN = "/login";
    public static final String LOGOUT = "/logout";
    public static final String DEFAULT_TARGET_URL = "/";
    public static final String DEFAULT_FAILURE_URL = "/login?login_error=true";

    public static final String[] allowedPaths =
        new String[] {"/login**", "/assets/**", "/REDACTED_security_check**", "/connect",
            "/error/**", "/resources/**", "/status**", "/server**", "/404.html", "/actuator/**"

        };

    // INFO [REDACTED] ... hmmm, can this bean be declared in this class AND autowired here?? Why, yes. Yes it can.
    // It does seem a little dodgy.
    @Autowired
    private LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers(allowedPaths)
                .permitAll()
                .anyRequest()
                .authenticated()
            .and()
                .formLogin()
                .loginPage(LOGIN)
                .failureUrl(DEFAULT_FAILURE_URL)
            .and()
                .logout()
                .invalidateHttpSession(true)
                .logoutUrl(LOGOUT)
                .logoutSuccessUrl(DEFAULT_TARGET_URL).permitAll()
            .and()
                .exceptionHandling().accessDeniedPage("/error/403")
            .and()
                .csrf().disable();



        http.httpBasic()
            .authenticationEntryPoint(loginUrlAuthenticationEntryPoint);

        super.configure(http);

    }

    @Bean
    AjaxAwareLoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint() {
        return new AjaxAwareLoginUrlAuthenticationEntryPoint(LOGIN);
    }

    @Bean
    REDACTEDRedeemAuthenticationProvider connectAuthenticationProvider() {
        return new REDACTEDRedeemAuthenticationProvider();
    }

    @Bean
    REDACTEDRetrievalFilter REDACTEDRetrievalFilter(
        AuthenticationManager authenticationManager, AuthenticationFailureHandler failureHandler,
        AuthenticationSuccessHandler successHandler) {
        REDACTEDRetrievalFilter ctrf = new REDACTEDRetrievalFilter();
        ctrf.setAuthenticationManager(authenticationManager);
        ctrf.setAuthenticationFailureHandler(failureHandler);
        ctrf.setAuthenticationSuccessHandler(successHandler);
        return ctrf;
    }

    @Bean
    SavedRequestAwareAuthenticationSuccessHandler successHandler() {
        SavedRequestAwareAuthenticationSuccessHandler sh =
            new SavedRequestAwareAuthenticationSuccessHandler();
        sh.setDefaultTargetUrl(DEFAULT_TARGET_URL);
        return sh;
    }

    @Bean
    SimpleUrlAuthenticationFailureHandler failureHandler() {
        SimpleUrlAuthenticationFailureHandler fh = new SimpleUrlAuthenticationFailureHandler();
        fh.setDefaultFailureUrl(DEFAULT_FAILURE_URL);
        return fh;
    }

    @Bean
    DefaultMethodSecurityExpressionHandler expressionHandler(
        PermissionEvaluator permissionEvaluator) {
        DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
        eh.setPermissionEvaluator(permissionEvaluator);
        return eh;
    }

    @Bean
    DefaultWebSecurityExpressionHandler webExpressionHandler(
        PermissionEvaluator permissionEvaluator) {
        DefaultWebSecurityExpressionHandler wh = new DefaultWebSecurityExpressionHandler();
        wh.setPermissionEvaluator(permissionEvaluator);
        return wh;
    }

    @Bean
    CmsPermissionEvaluator permissionEvaluator() {
        return new CmsPermissionEvaluator();
    }



}
Run Code Online (Sandbox Code Playgroud)

聚甲醛

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.REDACTED.app</groupId>
    <artifactId>REDACTED</artifactId>
    <version>1.0.13-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>REDACTED</name>
    <description>REDACTED : CMS</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <!--

        WARNING: updating the version any higher than 1.5.2.RELEASE WILL cause code issues.
        Only do this if you have LOTS of time to chase version-dependent bugs.

        -->
        <version>1.5.2.RELEASE</version>
    </parent>

    <scm>
        <url>https://bitbucket.org/REDACTED</url>
        <connection>scm:git:ssh://git@bitbucket.org/REDACTED.git</connection>
        <tag>REDACTED-1.0.6</tag>
    </scm>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jersey</artifactId>
        </dependency>

        <!-- JSTL for JSP -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
        </dependency>

        <!-- Need this to compile JSP -->
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-jasper</artifactId>
        </dependency>


        <!-- Apache Commons -->
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.11</version>
        </dependency>

        <dependency>
            <groupId>commons-net</groupId>
            <artifactId>commons-net</artifactId>
            <version>3.3</version>
        </dependency>

        <!-- File Download -->
        <dependency>
            <groupId>commons-httpclient</groupId>
            <artifactId>commons-httpclient</artifactId>
            <version>3.1</version>
        </dependency>


        <!-- File Upload -->
        <dependency>
            <groupId>commons-fileupload</groupId>
            <artifactId>commons-fileupload</artifactId>
            <version>1.3.1</version>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.0.1</version>
        </dependency>

        <!-- G.E.L.F Apender -->
        <dependency>
            <groupId>org.realityforge.gelf4j</groupId>
            <artifactId>gelf4j</artifactId>
            <version>1.8</version>
            <scope>runtime</scope>
            <exclusions>
                <exclusion>
                    <artifactId>log4j</artifactId>
                    <groupId>log4j</groupId>
                </exclusion>
            </exclusions>
        </dependency>

        <!-- WS.RS -->
        <dependency>
            <groupId>javax.ws.rs</groupId>
            <artifactId>javax.ws.rs-api</artifactId>
            <version>2.0</version>
        </dependency>

        <!-- Jackson JSON Processor -->
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.8.3</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.dataformat</groupId>
            <artifactId>jackson-dataformat-xml</artifactId>
            <version>2.8.3</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-joda</artifactId>
            <version>2.8.3</version>
        </dependency>
        <dependency>
            <artifactId>jackson-jaxrs-base</artifactId>
            <groupId>com.fasterxml.jackson.jaxrs</groupId>
            <version>2.8.3</version>
        </dependency>
        <dependency>
            <artifactId>jackson-jaxrs-json-provider</artifactId>
            <groupId>com.fasterxml.jackson.jaxrs</groupId>
            <version>2.8.3</version>
        </dependency>
        <dependency>
            <artifactId>jackson-annotations</artifactId>
            <groupId>com.fasterxml.jackson.core</groupId>
            <version>2.8.3</version>
        </dependency>

        <!-- Janino -->
        <dependency>
            <groupId>org.codehaus.janino</groupId>
            <artifactId>janino</artifactId>
            <version>${janino.version}</version>
        </dependency>


        <dependency>
            <groupId>org.glassfish.jersey.core</groupId>
            <artifactId>jersey-common</artifactId>
            <version>2.17</version>
            <exclusions>
                <exclusion>
                    <artifactId>javax.inject</artifactId>
                    <groupId>org.glassfish.hk2.external</groupId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.glassfish.jersey.core</groupId>
            <artifactId>jersey-client</artifactId>
            <version>2.17</version>
            <exclusions>
                <exclusion>
                    <artifactId>javax.inject</artifactId>
                    <groupId>org.glassfish.hk2.external</groupId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-json-jackson</artifactId>
            <version>2.17</version>
            <exclusions>
                <exclusion>
                    <artifactId>javax.inject</artifactId>
                    <groupId>org.glassfish.hk2.external</groupId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-multipart</artifactId>
            <version>2.17</version>
        </dependency>


        <!-- Joda Time -->
        <dependency>
            <groupId>joda-time</groupId>
            <artifactId>joda-time</artifactId>
            <version>2.3</version>
        </dependency>

        <!-- JSR 330 -->
        <dependency>
            <groupId>javax.inject</groupId>
            <artifactId>javax.inject</artifactId>
            <version>1</version>
        </dependency>

        <!-- CACHING -->
        <dependency>
            <groupId>net.sf.ehcache</groupId>
            <artifactId>ehcache-core</artifactId>
            <version>2.6.8</version>
        </dependency>

        <!-- Security -->

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
        </dependency>

        <!-- Test -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.easymock</groupId>
            <artifactId>easymock</artifactId>
            <version>3.6</version>
            <scope>test</scope>
        </dependency>


    </dependencies>

    <build>
        <plugins>
            <!-- Spring boot -->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <addResources>true</addResources>
                    <executable>true</executable>
                    <mainClass>com.dstvo.app.REDACTEDApplication</mainClass>
                    <additionalProperties>
                        <!-- for Spring actuator /info endpoint -->
                        <info.build.artifact>${project.artifactId}</info.build.artifact>
                        <info.build.version>${project.version}}</info.build.version>
                    </additionalProperties>
                </configuration>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                        <configuration>
                            <mainClass>
                                com.dstvo.app.REDACTEDApplication
                            </mainClass>
                        </configuration>
                    </execution>
                </executions>
            </plugin>

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-resources-plugin</artifactId>
                <version>2.7</version>
                <configuration>
                    <delimiters>
                        <delimiter>@</delimiter>
                    </delimiters>
                    <useDefaultDelimiters>false</useDefaultDelimiters>
                </configuration>
            </plugin>

            <plugin>
                <artifactId>maven-release-plugin</artifactId>
                <version>2.4.2</version>
                <dependencies>
                    <dependency>
                        <groupId>org.apache.maven.scm</groupId>
                        <artifactId>maven-scm-provider-gitexe</artifactId>
                        <version>1.8.1</version>
                    </dependency>
                </dependencies>
            </plugin>

        </plugins>

        <resources>
            <resource>
                <directory>src/main/webapp</directory>
            </resource>
            <!--
            Something (?) is preventing spring-boot-starter-parent from passing the
            project.version and project.artifactId to application.properties, this (and the
            maven-resources-plugin above) is a workaround.
            -->
            <resource>
                <directory>${basedir}/src/main/resources</directory>
                <filtering>true</filtering>
                <includes>
                    <include>**/application*.properties</include>
                </includes>
            </resource>
        </resources>

    </build>

    <distributionManagement>
        <repository>
            <id>nexus</id>
            <name>Releases</name>
            <url>http://REDACTED/releases</url>
            <uniqueVersion>false</uniqueVersion>
            <layout>default</layout>
        </repository>
        <snapshotRepository>
            <id>nexus</id>
            <name>Snapshots</name>
            <url>http://REDACTED/sna