Spring 引导应用程序端点 returns 403

Spring Boot application endpoint returns 403

我是 Spring 引导新手,目前卡住了。我遵循了这个 (https://github.com/AppDirect/service-integration-sdk/wiki) 教程,因为我想实现一个将自身集成到 AppDirect 中的应用程序。在日志中,我可以看到端点已创建并映射:

2018-10-29 16:32:48.898  INFO 8644 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/v1/integration/processEvent],methods=[GET],produces=[application/json]}" onto public org.springframework.http.ResponseEntity<com.appdirect.sdk.appmarket.events.APIResult> com.appdirect.sdk.appmarket.events.AppmarketEventController.processEvent(javax.servlet.http.HttpServletRequest,java.lang.String)

但是当我尝试使用浏览器或 Http-Requester 访问端点 (http://localhost:8080/api/v1/integration/processEvent) 时,我得到以下响应: {时间戳":"2018-10-29T08:50:13.252+0000","status":403,"error":"Forbidden","message":"Access Denied", "path":"/api/v1/integration/processEvent"}

我的 application.yml 看起来像这样:

connector.allowed.credentials: very-secure:password

server:
  use-forward-headers: true
  tomcat:
    remote_ip_header: x-forwarded-for

endpoints:
  enabled: true
  info:
    enabled: true
    sensitive: false
  health:
    enabled: true
    sensitive: false
    time-to-live: 5000

info:
  build:
    name: @project.name@
    description: @project.description@
    version: @project.version@

这是我的 Application.java:

package de.....;

import java.nio.charset.Charset;
import java.util.Collections;
import java.util.List;

import org.springframework.boot.SpringApplication;
import org.springframework.http.MediaType;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

public class Application extends WebMvcConfigurerAdapter {
    public static void main(String... args) {
        SpringApplication.run(RootConfiguration.class, args);
    }

    /**
     * Hack to make Spring Boot @Controller annotated classed to recognize the 'x-www-form-urlencoded' media type
     *
     * @param converters
     */
    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
        FormHttpMessageConverter converter = new FormHttpMessageConverter();
        MediaType mediaType = new MediaType("application", "x-www-form-urlencoded", Charset.forName("UTF-8"));
        converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
        converters.add(converter);
        super.configureMessageConverters(converters);
    }
}

这是 RootConfiguration.java:

package de.....;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import com.appdirect.sdk.ConnectorSdkConfiguration;
import com.appdirect.sdk.appmarket.DeveloperSpecificAppmarketCredentialsSupplier;
import com.appdirect.sdk.credentials.StringBackedCredentialsSupplier;

import de.....;

@Configuration
@Import({
    ConnectorSdkConfiguration.class,
    EventHandlersConfiguration.class
})
@EnableAutoConfiguration
public class RootConfiguration {

    @Bean
    public DeveloperSpecificAppmarketCredentialsSupplier environmentCredentialsSupplier(@Value("${connector.allowed.credentials}") String allowedCredentials) {
        return new StringBackedCredentialsSupplier(allowedCredentials);
    }
}

感谢任何帮助,因为密集的 googleing 没有帮助。 提前致谢。

添加以下 class 并在 Application.java 中注册解决了我的问题:

package de.......;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().antMatchers("/").permitAll();
    }

}