请求匹配器无法允许允许的路径

Question

请求匹配器无法允许允许的路径

Alt*_*taf 1 java spring-security spring-boot

我正在按照旧的教程来实现 Spring Security。不幸的是，antMatchers在我的配置类中没有被识别为方法，因此在做了一些研究之后，我相信requestMatchers方法是它的等价物。然而，未经身份验证，路径 ( /) 仍处于阻塞状态。我愿意允许这样做。

这是我的控制器：

package com.quadri.springsecurity.controllers;

import java.util.Arrays;
import java.util.List;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.quadri.springsecurity.models.Student;

@RestController
@RequestMapping("api/v1/students")
public class StudentController {

    private static final List<Student> STUDENTS = Arrays.asList(
        new Student(1, "James Bond"),
        new Student(2, "Maria Jones"),
        new Student(3, "Anna Smith")
    );

    @GetMapping(path = "{studentId}")
    public Student getStudent(@PathVariable("studentId") Integer studentId) {
        return STUDENTS.stream()
        .filter(student -> studentId.equals(student.getStudentId()))
        .findFirst()
        .orElseThrow(() -> new IllegalStateException("Student " + studentId + " does not exist!"));
    }
}

Run Code Online (Sandbox Code Playgroud)

这是我的配置文件：

package com.quadri.springsecurity.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests()
                .requestMatchers( "resources/**", "/").permitAll()
                .anyRequest().authenticated()
                .and()
            .httpBasic();
        
        return http.build();
    }
}

Run Code Online (Sandbox Code Playgroud)

在我的 resources/static 文件夹中，我创建了一个简单的 html 页面 ( index.html)，显示 hello world。在教程中，RequestMapping没有改变，但是它们.antMatcher在配置文件中使用，这在 Spring Security 中不是公认的方法，至少在我使用的版本中是这样。这是我的POM供参考：

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.0.1</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.quadri</groupId>
    <artifactId>spring-security</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>spring-security</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>17</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

Run Code Online (Sandbox Code Playgroud)

确保允许主页或“/” URL 的正确方法是什么？

Answer 1

小智 5

您应该允许index.html请求HttpSecurity匹配器进行/自动重定向index.html，并且没有定义用于index.html给出身份验证提示的允许规则。以下设置应该有效：

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

    http
        .authorizeHttpRequests()
            .requestMatchers( "/resources/**", "/", "/index.html").permitAll()
            .anyRequest().authenticated()
            .and()
        .httpBasic();

    return http.build();
}

Run Code Online (Sandbox Code Playgroud)

归档时间：	3 年，1 月前
查看次数：	6480 次
最近记录：	3 年，1 月前