gpt4 book ai didi

java - Spring Security 身份验证被忽略

转载 作者:行者123 更新时间:2023-12-01 13:27:36 25 4
gpt4 key购买 nike

你好,Stackoverflower,

我在 Spring Security 方面遇到了问题。在您继续申请之前应该出现的登录框不会出现,我可以在没有任何身份验证的情况下访问我的申请。我不知道为什么会发生这种情况。了解为什么不询问用户和密码非常重要。

我使用 Firefox 的 RESTCLient Add on 测试我的应用程序。

web.xml 中的重要条目如下所示:

<!--    Security Configuration -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>

<!-- Spring Json Init -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
<servlet-name>json</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>json</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

我的 Spring 安全是:

<!-- Security Propertie Configuration -->
<security:http use-expressions="true">
<security:http-basic/>
</security:http>

<security:authentication-manager>
<security:authentication-provider
ref="springUserService" />
</security:authentication-manager>

springUserService 看起来像这样:

@组件公共(public)类 springUserService 实现 AuthenticationProvider {

@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
List<GrantedAuthority> grantedAuths = new ArrayList<>();
return new UsernamePasswordAuthenticationToken(name, password, grantedAuths);

}

@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

}

我非常感谢每一个提示或答案。

最佳答案

我认为你需要在 spring 安全配置中添加一些拦截 url 标签:

<security:intercept-url pattern="/securedUrl" access="isAuthenticated()" />
<security:intercept-url pattern="/login" access="permitAll" />

因此,将您的代码更改为如下所示:

<security:http use-expressions="true">
<security:intercept-url pattern="/securedUrl" access="isAuthenticated()" />
<security:intercept-url pattern="/login" access="permitAll" />
</security:http>

您还可以在模式属性或自定义访问评估中使用通配符:

<intercept-url pattern="/url1/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')"/> 
<intercept-url pattern="/url2/**" access="isAuthenticated()" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/**" access="permitAll" />

关于java - Spring Security 身份验证被忽略,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21734225/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com