Nic*_*las 3 java migration spring-security spring-boot springdoc-ui
我有一个 Spring Boot 2.7.6 应用程序,Spring Security 5.7.5 运行没有问题:身份验证有效,我根据角色浏览不同的页面,Swagger UI 可用等。我没有针对您的不推荐使用的警告信息。
\n我迁移到 Spring Boot 3.0.0,因此迁移到 Spring Security 6.0.0。我按照迁移指南进行操作,服务器启动没有错误。但我的网址不再有效。我的状态是 401。
\n问题#1:GET http://localhost:8080/swagger-ui/index.html导致客户端出现 401 错误。
在日志中我有一个 404:
\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG org.springframework.web.servlet.DispatcherServlet : GET "/swagger-ui/index.html", parameters={}\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.w.servlet.resource.ResourceHttpRequestHandler : Resource not found\nDEBUG org.springframework.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND\nDEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)\nDEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)\nDEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)\npom.xml
DEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG org.springframework.web.servlet.DispatcherServlet : GET "/swagger-ui/index.html", parameters={}\nDEBUG o.s.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [static/]]\nDEBUG o.s.w.servlet.resource.ResourceHttpRequestHandler : Resource not found\nDEBUG org.springframework.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND\nDEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)\nDEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)\nDEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)\nSecurityConfig班级
...\n <parent>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-starter-parent</artifactId>\n <version>3.0.0</version>\n <relativePath /> <!-- lookup parent from repository -->\n </parent>\n ...\n <properties>\n <java.version>17</java.version>\n <jjwt.version>0.11.5</jjwt.version>\n <springdoc.version>1.6.0</springdoc.version>\n <docx4j.version>11.3.2</docx4j.version>\n </properties>\n <dependencies>\n <dependency>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-starter-data-jpa</artifactId>\n </dependency>\n <dependency>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-starter-mail</artifactId>\n </dependency>\n <dependency>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-starter-security</artifactId>\n </dependency>\n <dependency>\n <groupId>org.springframework.session</groupId>\n <artifactId>spring-session-core</artifactId>\n </dependency>\n <dependency>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-starter-thymeleaf</artifactId>\n </dependency>\n <dependency>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-starter-validation</artifactId>\n </dependency>\n <dependency>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-starter-web</artifactId>\n </dependency>\n <dependency>\n <groupId>org.liquibase</groupId>\n <artifactId>liquibase-core</artifactId>\n </dependency>\n <dependency>\n <groupId>org.apache.commons</groupId>\n <artifactId>commons-collections4</artifactId>\n <version>4.4</version>\n </dependency>\n <dependency>\n <groupId>org.apache.commons</groupId>\n <artifactId>commons-lang3</artifactId>\n </dependency>\n <dependency>\n <groupId>org.springframework.boot</groupId>\n <artifactId>spring-boot-devtools</artifactId>\n <scope>runtime</scope>\n <optional>true</optional>\n </dependency>\n <dependency>\n <groupId>com.h2database</groupId>\n <artifactId>h2</artifactId>\n <scope>runtime</scope>\n </dependency>\n <dependency>\n <groupId>org.postgresql</groupId>\n <artifactId>postgresql</artifactId>\n <scope>runtime</scope>\n </dependency>\n <dependency>\n <groupId>org.projectlombok</groupId>\n <artifactId>lombok</artifactId>\n <optional>true</optional>\n </dependency>\n <dependency>\n <groupId>io.jsonwebtoken</groupId>\n <artifactId>jjwt-api</artifactId>\n <version>${jjwt.version}</version>\n </dependency>\n <dependency>\n <groupId>io.jsonwebtoken</groupId>\n <artifactId>jjwt-impl</artifactId>\n <version>${jjwt.version}</version>\n <scope>runtime</scope>\n </dependency>\n <dependency>\n <groupId>io.jsonwebtoken</groupId>\n <artifactId>jjwt-jackson</artifactId>\n <version>${jjwt.version}</version>\n <scope>runtime</scope>\n </dependency>\n <dependency>\n <groupId>org.springdoc</groupId>\n <artifactId>springdoc-openapi-ui</artifactId>\n <version>${springdoc.version}</version>\n </dependency>\n <dependency>\n <groupId>org.springdoc</groupId>\n <artifactId>springdoc-openapi-security</artifactId>\n <version>${springdoc.version}</version>\n </dependency>\n\xc2\xa0\n <dependency>\n <groupId>org.docx4j</groupId>\n <artifactId>docx4j-export-fo</artifactId>\n <version>${docx4j.version}</version>\n </dependency>\n <dependency>\n <groupId>org.docx4j</groupId>\n <artifactId>docx4j-JAXB-ReferenceImpl</artifactId>\n <version>${docx4j.version}</version>\n </dependency>\n <dependency>\n <groupId>jakarta.xml.bind</groupId>\n <artifactId>jakarta.xml.bind-api</artifactId>\n <version>3.0.1</version>\n </dependency>\n <dependency>\n <groupId>jakarta.xml.bind</groupId>\n <artifactId>jakarta.xml.bind-api-parent</artifactId>\n <version>3.0.1</version>\n <type>pom</type>\n </dependency>\n\xc2\xa0\n </dependencies>\n\xc2\xa0\n...\n</project>\nWebMvcConfig班级
import org.springframework.beans.factory.annotation.Autowired;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.http.HttpStatus;\nimport org.springframework.security.authentication.AuthenticationManager;\nimport org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\nimport org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;\nimport org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;\nimport org.springframework.security.core.userdetails.UserDetailsService;\nimport org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\nimport org.springframework.security.crypto.password.PasswordEncoder;\nimport org.springframework.security.web.SecurityFilterChain;\nimport org.springframework.security.web.authentication.HttpStatusEntryPoint;\nimport org.springframework.security.web.context.RequestAttributeSecurityContextRepository;\nimport org.springframework.security.web.savedrequest.HttpSessionRequestCache;\n\xc2\xa0\n@Configuration\n@EnableWebSecurity\n@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)\npublic class SecurityConfig {\n\xc2\xa0\n @Autowired\n UserDetailsService userDetailsService;\n\xc2\xa0\n @Autowired\n public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {\n authenticationManagerBuilder.getDefaultUserDetailsService();\n }\n\xc2\xa0\n // @Override\n // public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {\n // authenticationManagerBuilder.userDetailsService(this.userDetailsService)\n // .passwordEncoder(passwordEncoder());\n // }\n\xc2\xa0\n @Bean\n public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {\n return authenticationConfiguration.getAuthenticationManager();\n }\n\xc2\xa0\n @Bean\n public PasswordEncoder passwordEncoder() {\n return new BCryptPasswordEncoder();\n }\n\xc2\xa0\n @Bean\n SecurityFilterChain filterChain(HttpSecurity http) throws Exception {\n // @formatter:off\n http\n .headers()\n .frameOptions().disable()\n .and()\n .cors()\n .and()\n .csrf().disable()\n .exceptionHandling()\n .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)).and()\n .formLogin().disable()\n .authorizeHttpRequests(authz -> authz.requestMatchers("/api/*/auth/**").permitAll()\n .requestMatchers("/api/*/public/**").permitAll()\n .requestMatchers("/api/*/catalogs/*/documents/*/file").permitAll()\n .requestMatchers(req -> req.getRequestURI()\n .contains("swagger-ui")).permitAll()\n .anyRequest().authenticated());\n // @formatter:on\n\xc2\xa0\n return http.build();\n }\n\xc2\xa0\n @Bean\n public WebSecurityCustomizer webSecurityCustomizer() {\n return (web) -> web.ignoring()\n .requestMatchers(req -> req.getRequestURI()\n .contains("mail-images"))\n .requestMatchers(req -> req.getRequestURI()\n .contains("api-docs"))\n // .requestMatchers(req -> req.getRequestURI()\n // .contains("swagger-ui"))\n .requestMatchers(req -> req.getRequestURI()\n .contains("h2-console"));\n }\n}\n我尝试了一些不同的配置
\n你有搜索线索吗,因为我在多次尝试后已经枯竭了?
\n我找到了解决方案:对于 spring boot 3,它似乎使用 springdoc-openapi-starter-webmvc-ui (https://springdoc.org/v2/)。我添加了以下依赖项,现在我可以使用 swagger
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
<version>2.0.2</version>
</dependency>
依赖 springdoc-openapi-ui 不适用于 spring boot 3.我remo
| 归档时间: |
|
| 查看次数: |
2587 次 |
| 最近记录: |