我似乎无法使我的安全配置正确.无论我在使用hasRole时做什么,我的端点总是返回403.
除非我在.requestMatchers()和.authorizeRequests()下复制我的antMatchers,否则我无法工作.我在这里显然遗漏了一些东西.
基本上我希望一切都要求身份验证,但只有一些端点只有在用户是某些组的成员时才可访问(现在只是管理员).
我的安全配置如下. hasRole旁边的所有东西都有效.
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.requestMatchers()
.antMatchers(HttpMethod.GET,"/v2/api-docs","/swagger-resources/**","/swagger-ui.html")
.antMatchers(HttpMethod.GET,"/users")
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET,"/swagger-ui.html").permitAll()
.antMatchers(HttpMethod.GET,"/users").hasRole("ADMIN")
.anyRequest().authenticated();
}
// Inspiration: https://spring.io/blog/2015/06/08/cors-support-in-spring-framework#comment-2416096114
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(HttpMethod.OPTIONS,"/**");
}
}
我的AuthenticationConfiguration如下
@Configuration
@EnableResourceServer
public class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {
private final UserDetailsService userService;
private final PasswordEncoder passwordEncoder;
public AuthenticationConfiguration(UserDetailsService userService,PasswordEncoder passwordEncoder) {
this.userService = userService;
this.passwordEncoder = passwordEncoder;
}
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userService)
.passwordEncoder(passwordEncoder);
}
}
我的AuthorizationServerConfiguration如下
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
private final AuthenticationManager authenticationManager;
public AuthorizationServerConfiguration(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("html5")
.secret("password")
.authorizedGrantTypes("password")
.scopes("openid");
}
}
我很高兴发布我的用户服务和其他东西.但是一切似乎都在hasRole和Principal旁边加载了正确的权限(角色).但如果我要发布更多代码,请告诉我.
最佳答案
您是否尝试使用“ROLE_ADMIN”而不仅仅是“ADMIN”?看看这个参考:
原文地址:https://www.jb51.cc/spring/432134.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
