[英]Spring Boot Security: How to skip login for localhost?
My working spring boot SecurityConfig currently looks like this:我的工作 spring 启动 SecurityConfig 目前看起来像这样:
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**", "/js/**", "/img/**", "/error", "/webjars/**", "/login", "**/favicon.ico").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().failureUrl("/login?state=badauth")
.loginPage("/login")
.loginProcessingUrl("/processLogin")
.successHandler(successHandler())
.failureHandler(failureHandler())
.permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login?state=loggedout");
;
}
I am trying to allow users on the localhost to gain access to all resources without logging in. I have tried to insert the following into various locations within the chain:我试图让本地主机上的用户无需登录即可访问所有资源。我尝试将以下内容插入到链中的各个位置:
.antMatchers("/**").access("hasIpAddress(\"127.0.0.1\") or hasIpAddress(\"::1\")")
Which always causes non-localhost access to fail with a forbidden.这总是会导致非本地主机访问因禁止而失败。
How can I bypass login for users on the localhost only?如何仅绕过本地主机上的用户登录?
Try this尝试这个
DemoApplication.java DemoApplication.java
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}
TestController.java测试控制器.java
@RestController
public class TestController {
@GetMapping("/secured")
public ResponseEntity secured() {
return ResponseEntity.ok("Access granted");
}
}
WebSecurityConfig.java WebSecurityConfig.java
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**")
.access("hasIpAddress('127.0.0.1') or hasIpAddress('::1') or isAuthenticated()") // 127.0.0.1 and localhost do not need to authenticate on any url
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("password"))
.authorities("ROLE_USER");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
Try to add hasIpAddress() before authenticated like this:尝试在像这样进行身份验证之前添加 hasIpAddress() :
.antMatchers("/**").hasIpAddress("127.0.0.1").anyRequest().authenticated();
You can try disabling default security in Spring Boot by adding this line in application.properties
file of your local/dev profile:您可以尝试通过在本地/开发配置文件的
application.properties
文件中添加以下行来禁用 Spring 引导中的默认安全性:
security.basic.enabled=false
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.