我花了2天时间解决这个问题。我有一个弹簧休息应用程序。无论 url 是否正确,我总是得到状态 200。这样控制器类就永远不会被使用(调试不会在其内部的制动点上停止)是否有任何解决方案可以解决我遇到的问题?这是一个 WebSecurityConfiguration
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
protected void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/login").permitAll()
.antMatchers("/logout").authenticated()
.antMatchers("/admin**/**").access("hasRole('ADMIN')")
.antMatchers("/leader**/**").access("hasRole('LEADER')")
.antMatchers("/user**/**").access("hasRole('LEADER') or hasRole('USER')")
.antMatchers("/askhelp").authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.successHandler(authenticationSuccessHandler) …