Spring 匿名用戶的安全和 RequestCache
[英]Spring Security and RequestCache with Anonymous User
問題描述
那是我的安全配置
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.requestCache().requestCache(new CustomRequestCache())
.and().authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().hasAnyAuthority(Role.getAllRoles())
.and().formLogin().loginPage(LOGIN_URL).permitAll()
.loginProcessingUrl(LOGIN_PROCESSING_URL)
.failureUrl(LOGIN_FAILURE_URL)
.successHandler(new SavedRequestAwareAuthenticationSuccessHandler())
.and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
}
問題是當我從/導航到受保護的 URL 時不會調用 CustomRequestCache,因此 SavedRequestAwareAuthenticationSuccessHandler 在登錄后不會重定向到請求的頁面。
我假設這是因為 permitAll 創建了一個匿名用戶。
我必須如何配置 Spring 安全性才能使 SavedRequestAwareAuthenticationSuccessHandler 工作?
1 個解決方案
解決方案1
1 已采納 2020-05-06 17:27:28
作為答案發布,以便我可以包含我的代碼。 我嘗試重新創建您的設置,這是我的安全配置
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final String THE_AUTHORITY = "ROLE_ONE";
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("user")).authorities(THE_AUTHORITY);
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable()
.requestCache().requestCache(new CustomRequestCache())
.and().authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().hasAnyAuthority(THE_AUTHORITY)
.and().formLogin().loginPage("/login").permitAll()
.loginProcessingUrl("/login")
.failureUrl("/")
.successHandler(new SavedRequestAwareAuthenticationSuccessHandler())
.and().logout().logoutSuccessUrl("/");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
和我的 controller
@RestController
public class TestController {
@GetMapping("/test")
public String getTest() {
return "You did it!";
}
@GetMapping("/")
public String getRoot() {
return "<a href=/test>Go to test</a>";
}
@GetMapping("/login")
public String getLogin() {
return "<form action=/login method=POST><input name=username /><input name=password /><input type=submit /></form>";
}
}
我可以打開它,導航到/ ,單擊指向/test的鏈接,此時我被重定向到登錄表單。 登錄后,我被重定向到/test 。
這是我的 CustomReuqestCache:
public class CustomRequestCache extends HttpSessionRequestCache {
@Override
public void saveRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
System.out.println("Saving request to " + httpServletRequest.getRequestURI());
super.saveRequest(httpServletRequest, httpServletResponse);
}
@Override
public HttpServletRequest getMatchingRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
System.out.println("Returning request for " + httpServletRequest.getRequestURI());
return super.getMatchingRequest(httpServletRequest, httpServletResponse);
}
}
Spring安全匿名用戶和具有彈簧安全性的經過身份驗證的用戶
[英]spring secuirty anonymous user and authenticated user with spring security
Java Spring安全過濾器在匿名用戶時公開PUT和POST
[英]Java spring security filter discarting PUT and POST when anonymous user
成功驗證后,Spring Security 返回匿名用戶
[英]Spring Security returning anonymous user after successful authenticaiton
Spring Boot Security - 默認映射的匿名用戶訪問/
[英]Spring Boot Security - Anonymous User access on default mapping /
如何僅在 Spring Security 中允許來自 localhost 的匿名用戶訪問?
[英]How to allow anonymous user access from localhost only in Spring security?
Spring Security - 訪問被拒絕(用戶不是匿名的)spring-security-core-4.0.3.RELEASE
[英]Spring Security - Access is denied (user is not anonymous) spring-security-core-4.0.3.RELEASE
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
春季4安全訪問被拒絕(用戶不是匿名的)
使用Spring Security的匿名用戶計數
Spring安全匿名用戶和具有彈簧安全性的經過身份驗證的用戶
Java Spring安全過濾器在匿名用戶時公開PUT和POST
Spring Security匿名用戶可以訪問每個URL
成功驗證后,Spring Security 返回匿名用戶
Spring Boot Security - 默認映射的匿名用戶訪問/
如何僅在 Spring Security 中允許來自 localhost 的匿名用戶訪問?
Spring Security - 訪問被拒絕(用戶不是匿名的)spring-security-core-4.0.3.RELEASE
Spring安全 - 允許匿名訪問
相關標簽