[英]Spring Security ignoring context-path
Controller Controller
@GetMapping("/api/data")
String response(){
}
application.properties应用程序属性
server.servlet.context-path=/v1
Spring secuity Spring 安全
http.authorizeRequests().anyMatcher("/v1/**").authenicated()
Here authentication is not happening.这里没有发生身份验证。 I believe, spring-security is ignoring the context-path thats been configured in the application.properties.
我相信, spring-security 忽略了在 application.properties 中配置的上下文路径。 Why is spring-security ignoring the context path.
为什么 spring-security 忽略上下文路径。 How to fix this?
如何解决这个问题?
For the above image, I expected a 401 since the v1/** is supposed to be authorised对于上面的图像,我预计会出现 401,因为应该授权 v1/**
This is working fine,这工作正常,
http.authorizeRequests().anyMatcher("/**").authenicated()
Turn ON the debug for Spring Security, then you would understand what's happening.打开 Spring Security 的调试,然后你就会明白发生了什么。
@EnableWebSecurity(debug = true)
When,什么时候,
server.servlet.context-path=/v1
Generated Request:生成的请求:
Request received for GET '/api/data':
servletPath:/api/data
pathInfo:null
When,什么时候,
spring.mvc.servlet.path=/v1
Generated Request:生成的请求:
Request received for GET '/v1/api/data':
servletPath:/v1
pathInfo:/api/data
Go with servlet-path for what you are trying to implement... Go 带有 servlet-path,用于您尝试实现的内容......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.