[英]Running a Spring Boot application on JBoss – problems ignoring endpoints
I have a requirement to run a Spring Boot (version 1.3.0.RELEASE) application on JBoss 6.4.0 server. 我需要在JBoss 6.4.0服务器上运行Spring Boot(版本1.3.0.RELEASE)应用程序。
Initially, the following problem was encountered, and a solution was added following the author's advice. 最初,遇到以下问题,并根据作者的建议添加了解决方案。
http://ilya-murzinov.github.io/articles/spring-boot-jboss/ http://ilya-murzinov.github.io/articles/spring-boot-jboss/
I am still however encountering a problem. 但是我仍然遇到问题。 The application uses Spring security to manage access, and it has been configured to ignore certain paths.
该应用程序使用Spring安全性来管理访问,并且已配置为忽略某些路径。 Unfortunately, when run on JBoss, it appears that the end points set to ignore are not being picked up, and attempts to log in fail (and all other ignored end points).
不幸的是,当在JBoss上运行时,似乎没有拾取设置为忽略的端点,并且尝试登录失败(以及所有其他忽略的端点)。
Here is a sample of code showing how the end point ignores have been implemented. 下面的代码示例显示了如何实现端点忽略。 Perhaps these have been implemented incorrectly, or ordering is an issue?
也许这些实现不正确,还是订购有问题?
package com.company.product.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
* The configuration class responsible for handling security
*/
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${server.servlet-path}")
private String basePath;
@Autowired
private JWTAuthenticationProvider authenticationProvider;
@Autowired
private TokenHandler tokenHandler;
/**
* Adding custom provider to global authentication manager
*
* @param auth the authentication manager
*/
@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) {
auth.authenticationProvider(this.authenticationProvider);
}
@Override
public void configure(final WebSecurity web) throws Exception {
//Specifies unsecured end-points
//previous approach example
//web.ignoring().antMatchers(this.basePath + "/login")
web.ignoring().antMatchers(this.basePath + "/login/**") //end point still cannot be reached
.antMatchers(this.basePath + "/endpoint1/**")
.antMatchers(this.basePath + "/endpoint2/**")
.antMatchers(this.basePath + "/v2/endpoint3/**");
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.addFilterBefore(new StatelessAuthenticationFilter(this.tokenHandler),
UsernamePasswordAuthenticationFilter.class).authorizeRequests().anyRequest().authenticated().and()
.csrf().disable();
}
}
The code works fine using its embedded Tomcat server. 使用其嵌入式Tomcat服务器,代码可以正常工作。
When we try and access the login endpoint we are getting Access Denied errors. 当我们尝试访问登录端点时,出现“拒绝访问”错误。 This endpoint should not have any security on it and we have added it as an ignored pattern to our configuration.
该端点不应具有任何安全性,我们已将其添加为配置中的忽略模式。 The ignore configuration seems to work OK for static pages such as html, but not in this case.
对于静态页面(例如html),ignore配置似乎可以正常工作,但在这种情况下不行。
The problem has been solved. 问题已经解决。 It turns out, the problem was not with Spring security.
事实证明,问题不在于Spring安全性。 A NamingException was being thrown within the org.springframework.ldap.core.ContextSource getReadOnlyContext() method, due to a missing LDAP server.
由于缺少LDAP服务器,因此在org.springframework.ldap.core.ContextSource getReadOnlyContext()方法中引发了NamingException。 Restoring this server fixed the problem.
恢复此服务器可解决此问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.