我正在使用spring security 5和spring boot 2.0.0
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/hello").permitAll()
.anyRequest().authenticated();
}
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user =
User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
server.port=9090
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/dev_db
spring.datasource.username=sa
spring.datasource.password=
spring.flyway.url=jdbc:mysql://localhost:3306/dev_db
spring.flyway.user=sa
spring.flyway.password=
spring.flyway.baselineVersion=1
spring.flyway.baseline-on-migrate=false
spring.messages.basename=messages
spring.messages.cache-duration=-1
spring.messages.encoding=UTF-8
spring.security.user.name=user
spring.security.user.password=password
logging.level.org.springframework.security=DEBUG
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<head><title>Hello World!</title></head>
<body>
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
<form th:action="@{/logout}" method="post">
<input type="submit" value="Sign Out"/>
</form>
</body></html>
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8" />
<title>Login page</title>
</head><body>
<h1>Login page</h1>
<p>Example user: user / password</p>
<form th:action="@{/login}" method="post">
<p th:if="${loginError}"><em>Username or password is wrong.</em></p>
<p><label for="username">Username</label>:
<input type="text" id="username" name="username" autofocus="autofocus" /></p>
<p><label for="password">Password</label>:
<input type="password" id="password" name="password" /></p>
<p><input type="submit" value="Log in" /></p>
</form>
<p><a th:href="@{/signup}">Sign up</a></p>
<p><a th:href="@{/}">Back to index</a></p></body></html>
buildscript {
ext {
springBootVersion = '2.0.0.RELEASE'
}
repositories {
mavenCentral()
maven { url "https://repo.spring.io/snapshot" }
maven { url "https://repo.spring.io/milestone" }
maven { url 'http://jcenter.bintray.com' }
maven { url 'https://mvnrepository.com/artifact/com.opencsv/opencsv' }
}
dependencies {
classpath("io.spring.gradle:dependency-management-plugin:1.0.4.RELEASE")
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
classpath("mysql:mysql-connector-java:5.1.45")
classpath ("org.junit.platform:junit-platform-gradle-plugin:1.1.0")
}
}
plugins {
id "org.flywaydb.flyway" version "5.0.6"
}
flyway {
url = "jdbc:mysql://localhost:3306/dev_db"
user = "sa"
password = ""
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'org.springframework.boot'
apply plugin: 'org.junit.platform.gradle.plugin'
group = 'com.example'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8
repositories {
maven { url "https://repo.spring.io/snapshot" }
maven { url "https://repo.spring.io/plugins-release" }
maven { url "https://repo.spring.io/milestone" }
maven { url "https://repository.jboss.org/nexus/content/repositories/releases" }
mavenCentral()
}
allprojects {
gradle.projectsEvaluated {
tasks.withType(JavaCompile) {
options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
}
}
}
dependencies {
compile('org.springframework.boot:spring-boot-starter-aop')
compile('org.springframework.boot:spring-boot-starter-hateoas')
compile('org.springframework.boot:spring-boot-starter-thymeleaf')
compile('org.springframework.boot:spring-boot-starter-web')
compile('org.springframework.boot:spring-boot-starter-webflux')
compile('org.springframework.boot:spring-boot-starter-jdbc')
compile('org.springframework.data:spring-data-commons')
compile('org.springframework.boot:spring-boot-starter-data-jpa')
compile("org.springframework.boot:spring-boot-starter-security")
compile('org.flywaydb:flyway-core:5.0.7')
compile('org.flywaydb.flyway-test-extensions:flyway-spring5-test:5.0.0')
compile('mysql:mysql-connector-java:5.1.45')
compile('org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.1')
compile('org.slf4j:slf4j-api:1.7.+')
compile('org.slf4j:log4j-over-slf4j:1.7.+')
compile('org.slf4j:jcl-over-slf4j:1.7.+')
compile('net.sf.dozer:dozer:5.5.1')
compile('ch.qos.logback:logback-classic:1.2.3')
compile('com.opencsv:opencsv:4.1')
compile ('com.fasterxml.jackson.core:jackson-databind')
runtime('org.springframework.boot:spring-boot-devtools')
runtime('mysql:mysql-connector-java:5.1.45')
testCompile('org.springframework.boot:spring-boot-starter-test')
testCompile('io.projectreactor:reactor-test')
testRuntime("org.junit.jupiter:junit-jupiter-engine")
testRuntime('mysql:mysql-connector-java:5.1.45')
}
我有一个测试配置文件。
package com.example;
@Configuration
@ComponentScan(basePackages = {"com.example"})
public class TestWebConfig implements WebMvcConfigurer, ApplicationContextAware {
private ApplicationContext applicationContext;
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
}
}
我有springBootApplication文件。
@EntityScan({"com.example.stock","com.example.item"})
@SpringBootApplication(scanBasePackages={"com.example.stock","com.example.item"})
public class WebApplication {
public static void main(String[] args) {
SpringApplication.run(WebApplication.class, args);
}
@Bean
public MessageSource messageSource() {
ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
messageSource.setBasename("classpath:messages");
messageSource.setDefaultEncoding("UTF-8");
return messageSource;
}
@Bean
public LocalValidatorFactoryBean validator() {
LocalValidatorFactoryBean bean = new LocalValidatorFactoryBean();
bean.setValidationMessageSource(messageSource());
return bean;
}
}
安全日志在下面
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@49c5a76. A new one will be created.
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /hello' doesn't match 'POST /logout
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /hello' doesn't match 'POST /login
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 8 of 14 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - pathInfo: both null (property equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - queryString: both null (property equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - requestURI: arg1=/; arg2=/hello (property not equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.HttpSessionRequestCache - saved request doesn't match
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@b841c1bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2D91FF16856148858B7FA31A6FDB958F; Granted Authorities: ROLE_ANONYMOUS'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /hello; Attributes: [authenticated]
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@b841c1bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2D91FF16856148858B7FA31A6FDB958F; Granted Authorities: ROLE_ANONYMOUS
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@a3ce3d, returned: -1
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:204)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using Ant [pattern='/**', GET]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/hello' matched by universal pattern '/**'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/hello'; against '/**/favicon.ico'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xhtml+xml
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xhtml+xml = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xml;q=0.9
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xml;q=0.9 = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing */*;q=0.8
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Ignoring
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Did not match any media types
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:9090/hello]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xhtml+xml .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - image/* .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/html .isCompatibleWith text/html = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@816fe85
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:9090/login'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@258eaf02
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
22:35:15.348 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@49c5a76. A new one will be created.
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /logout
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /login
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@258eaf02
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
似乎您的安全配置根本就没有得到。你有
@SpringBootApplication(scanBasePackages={"com.example.stock","com.example.item"})
在你的主课上。您的安全配置在包com.example
中。因此不会创建该类的bean,也不会应用配置。
问题内容: 这是我的情况: 一个Web应用程序对许多应用程序执行某种SSO 登录的用户,而不是单击链接,该应用就会向正确的应用发布包含用户信息(名称,pwd [无用],角色)的帖子 我正在其中一个应用程序上实现SpringSecurity以从其功能中受益(会话中的权限,其类提供的方法等) 因此,我需要开发一个 自定义过滤器 -我猜想-能够从请求中检索用户信息,通过自定义 DetailsUserSe
是否可以使用WLST脚本或通过其他自动化方式启用WebLogic摘要身份验证? 我正在使用正式的Oracle WebLogic docker映像,并在映像构建期间使用WLST脚本对其进行配置。但是,我没有找到使用WLST启用摘要密码的方法。此外,在管理控制台上手动启用它需要重新启动,这实际上会破坏容器,因为WebLogic进程是入口点。 如何在图像生成期间自动启用摘要?
我想使用基本身份验证调用keydrope Rest API。为了做到这一点,我尝试了下面的答案,但缺少链接。 我已将客户端访问类型设置为机密,并启用了直接访问授权。 显然,需要在Java适配器配置中指定启用基本身份验证,但我看不出这是如何实现的。文档中提到它是一个JSON文件,听起来像是我将其作为配置添加到Keyclope目录中。 最后,我看到有人提到使用生成的秘密。我可以在选项卡中生成一个秘密,
我需要对Web服务(SOAP)应用SSL“相互身份验证”和对网页应用“单向身份验证”,以避免浏览器中存在证书。对于informationg,GUI和SOAP Webservices位于同一个war模块中。 我在Tomcat容器级别使用了SSL相互身份验证: clientAuth=“true”意味着在接受连接之前,客户端(从浏览器和web服务使用者)应该提供有效的证书链。我知道,通过使用client
问题内容: 因此,我正在使用RESTeasy和Google App Engine开发REST Web服务。我的问题与GAE无关,但我提到它只是为了以防万一。碰巧的是,我自然需要保护自己的资源和我自己的用户(而不是Google的用户)。 REST Web服务的安全似乎是一个很有争议的主题,或者至少是一个非常“自由的”主题。REST对此没有施加任何标准。根据我在网络和文献上的研究,至少有3种方法适合我
搜索了几天后,我仍然不知道如何让我的laravel web应用程序与azure ad auth一起工作。我希望人们通过azure广告登录。如何做到这一点,我可以从哪里开始?非常感谢任何帮助。