My ultimate goal is the use the h2db-web-console in my application, as part of my local dev environment.

我的最终目标是在我的应用程序中使用h2db-web-控制台，作为我本地开发环境的一部分。

I'm getting the error:

我得到了一个错误：

Caused by: java.lang.IllegalArgumentException: This method cannot decide whether these patterns are Spring MVC patterns or not. If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); otherwise, please use requestMatchers(AntPathRequestMatcher).

This is because there is more than one mappable servlet in your servlet context: {org.h2.server.web.JakartaWebServlet=[/my-h2-console/*], org.springframework.web.servlet.DispatcherServlet=[/]}.

For each MvcRequestMatcher, call MvcRequestMatcher#setServletPath to indicate the servlet path.

While this sounds pretty descriptive it drives me crazy, since it appears it doesn't matter which path I use for JakartaWebServlet=[/my-h2-console/*], since DispatcherServlet=[/] simply matches everything. that starts with "/"...which is everything.

虽然这听起来很有描述性，但它让我抓狂，因为对于JakartaWebServlet=[/my-h2-console/*]，我使用哪条路径似乎并不重要，因为DispatcherServlet=[/]只匹配所有内容。它以“/”开头……这就是一切。

...please use requestMatchers(MvcRequestMatcher); otherwise, please use requestMatchers(AntPathRequestMatcher)...

Well, those are deprecated with Spring 3.x.x patchnotes so I've tried using the RequestMatcher(this should be automatically be used with 'authorize') instead.

这些在Spring3.x.x补丁笔记中已经过时了，所以我尝试使用RequestMatcher(应该自动与‘Authorize’一起使用)。

Security-Config

安全-配置

    @Bean
    @Order(GENERAL_SECURITY_CONFIGURATION_ORDER)
    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http {
            ...
            }
            securityMatcher("/**")
            headers { frameOptions { disable() } }
            csrf { ignoringRequestMatchers("/my-h2-console/**") }

            authorizeRequests {
                authorize("/my-h2-console/**", permitAll)
                authorize("/ping", permitAll)
                authorize("/**", denyAll)
            }
        }
        return http.build()
    }

pom.xml

Pom.xml

        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope> <!-- Should be "test", revert later -->
        </dependency>

application.yml

Application.yml

spring:
  h2:
    console:
      enabled: true
      path: /my-h2-console
      settings:
        trace: false
        web-allow-others: false
  datasource:
    url: jdbc:h2:mem:testdb
    driverClassName: org.h2.Driver
    username: sa
    password:
  jpa:
    database-platform: org.hibernate.dialect.H2Dialect
  sql:
    init:
      mode: embedded
      schema-locations: classpath:sql/schema.testdb.local.sql

Please keep in mind, I'm new to spring-boot in general, so please be gentle. Any kind of information regarding this topic is kindly appreciated. :)

请记住，我是新的春天启动一般，所以请温柔。关于这个主题的任何类型的信息都非常感谢。：）

I tried:

我试过：

• changing the paths/names of the servlets as stated above


• changed the scope of my H2DB


• Tried different configurations in my Security-Config

=> Only turning off/on

=>仅关闭/打开

spring:
  h2:
    console:
      enabled: true

seems to bring any change.

似乎不会带来任何改变。

This configuration helped me to resolve H2 issue:

此配置帮助我解决了h2问题：

@Configuration
public class SecurityConfig {

    // My enpdoints start from /v1 so this pattern is ok for me
    private static final String API_URL_PATTERN = "/v1/**";

    @Bean
    public SecurityFilterChain getSecurityFilterChain(HttpSecurity http,
                                                      HandlerMappingIntrospector introspector) throws Exception {
        MvcRequestMatcher.Builder mvcMatcherBuilder = new MvcRequestMatcher.Builder(introspector);

        http.csrf(csrfConfigurer ->
                csrfConfigurer.ignoringRequestMatchers(mvcMatcherBuilder.pattern(API_URL_PATTERN),
                        PathRequest.toH2Console()));

        http.headers(headersConfigurer ->
                headersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin));

        http.authorizeHttpRequests(auth ->
                auth
                        .requestMatchers(mvcMatcherBuilder.pattern(API_URL_PATTERN)).permitAll()
                        //This line is optional in .authenticated() case as .anyRequest().authenticated()
                        //would be applied for H2 path anyway
                        .requestMatchers(PathRequest.toH2Console()).authenticated()
                        .anyRequest().authenticated()
        );

        http.formLogin(Customizer.withDefaults());
        http.httpBasic(Customizer.withDefaults());

        return http.build();
    }
}

More info.

更多信息。

Updated code for H2 console to work properly in browser.

更新了H2控制台的代码，以便在浏览器中正常工作。

Also PathRequest.toH2Console() could be used instead of AntPathRequestMatcher.antMatcher("/h2-console/**")

此外，还可以使用PathRequest.toH2控制台()来代替AntPathRequestMatcher.antMatcher(“/h2-console/**”)

how about try antMatcher?
i don't know kotlin but I hope it helps

试试antMatcher怎么样？我不认识Kotlin，但我希望它能帮上忙

 authorizeRequests {
            authorize(antMatcher("/my-h2-console/**"), permitAll)
            //...
        }

@Denis Korolev this solved it, thank you!

@丹尼斯·科罗廖夫解决了这个问题，谢谢！

 @Bean
    fun securityFilterChainTestEnv(http: HttpSecurity): SecurityFilterChain {
        http {
                ...
            }

            headers { frameOptions { disable() } }
            csrf { ignoringRequestMatchers(AntPathRequestMatcher("/h2-console/**")) }

            http.authorizeHttpRequests { httpSecurity ->
                val mvcIntrospector = HandlerMappingIntrospector()
                httpSecurity
"/ping-test")).permitAll()
                    .requestMatchers(AntPathRequestMatcher("/h2-console/**")).permitAll()
                    .anyRequest().denyAll()
            }
        }
        return http.build()
    }