[英]REST Mapping problems when using Springboot Auth and Jboss EAP 7.1
我目前正在与JBOSS一起使用org.springframework.security ,并且在部署.war时无论如何都拒绝所有请求(即使我们允许在配置中使用“ / login”服务)。 无论我们做什么,前端都会不断变得“未经授权”,这是我们的配置:
package com.leasys.safo.supplychain.wssupplychain.configuration;
import static org.springframework.http.HttpStatus.FORBIDDEN;
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import com.leasys.safo.supplychain.wssupplychain.security.NoRedirectStrategy;
import com.leasys.safo.supplychain.wssupplychain.security.TokenAuthenticationFilter;
import com.leasys.safo.supplychain.wssupplychain.security.TokenAuthenticationProvider;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final RequestMatcher PUBLIC_URLS = new OrRequestMatcher(
// new AntPathRequestMatcher("/**")
new AntPathRequestMatcher("/login")
);
private static final RequestMatcher PROTECTED_URLS = new NegatedRequestMatcher(PUBLIC_URLS);
@Autowired
private TokenAuthenticationProvider authenticationProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(authenticationProvider);
}
@Override
public void configure(WebSecurity web) {
web.ignoring().requestMatchers(PUBLIC_URLS);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy(STATELESS)
.and()
.exceptionHandling()
.defaultAuthenticationEntryPointFor(forbiddenEntryPoint(), PROTECTED_URLS)
.and()
.authenticationProvider(authenticationProvider)
.addFilterBefore(restAuthenticationFilter(), AnonymousAuthenticationFilter.class)
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.csrf().disable()
.formLogin().disable()
.httpBasic().disable()
.logout().disable();
}
@Bean
TokenAuthenticationFilter restAuthenticationFilter() throws Exception {
TokenAuthenticationFilter filter = new TokenAuthenticationFilter(PROTECTED_URLS);
filter.setAuthenticationManager(authenticationManager());
filter.setAuthenticationSuccessHandler(successHandler());
return filter;
}
@Bean
SimpleUrlAuthenticationSuccessHandler successHandler() {
SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler();
successHandler.setRedirectStrategy(new NoRedirectStrategy());
return successHandler;
}
@Bean
FilterRegistrationBean disableAutoRegistration(TokenAuthenticationFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean(filter);
registration.setEnabled(false);
return registration;
}
@Bean
AuthenticationEntryPoint forbiddenEntryPoint() {
return new HttpStatusEntryPoint(FORBIDDEN);
}
}
关于如何解决问题的任何想法?
问题解决了,仍然有JBPM xml文件对REST服务的映射有误,我只需要删除该文件即可使一切恢复正常。
HTTP 部署到 jboss EAP 7.1 时,此 URL 不支持发布方法
[英]HTTP Post method not supported by this URL when deployed to jboss EAP 7.1
将 xerces 与 JBOSS EAP 7.1 一起使用时 XSD 1.1 验证失败
[英]XSD 1.1 validation failure upon using xerces with JBOSS EAP 7.1
JBoss EAP 6.4-> 7.1使用休眠4而不是默认的休眠5
[英]JBoss EAP 6.4 -> 7.1 Using hibernate 4 instead of default hibernate 5
Shiro 1.3.2和JBoss EAP 7.1组合可立即终止该会话
[英]Session Expires Immediately With Shiro 1.3.2 and JBoss EAP 7.1 Combination
JBoss EAP 7.1:ActiveMQ配置-具有属性JMS的MDB不使用消息
[英]JBoss EAP 7.1: ActiveMQ configuration - MDB with properties JMS not consuming message
Spring JMS 无法连接到 JBoss EAP 7.1 ActiveMq Artemis
[英]Spring JMS can't connect to JBoss EAP 7.1 ActiveMq Artemis
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.