为什么端点没有响应?
Why endpoint does't response?
我有 spring 内存中保存用户的安全配置。用户有什么规则,其中之一是sa\sa。如果一切正常(端点可访问)有几个控制器 return Ok 消息,通过 urls /test 和 /start 调用 get 请求
Spring-仅安全保护/测试端点
Spring-安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("sa")
.password("{noop}sa")
.roles("USER", "USER_ROLE")
.and()
.withUser("na")
.password("na")
.roles("USER", "USER_ROLE");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/test").hasAnyRole("ROLE_USER", "USER", "USER_ROLE")
.and()
.csrf().disable();
}
}
Yaml 配置:
spring:
datasource:
username: user
password: user
driverClassName: org.h2.Driver
security:
basic:
enabled: true
因此,当我通过邮递员向 /start 发送获取请求时 - return 响应正常,如果尝试调用 /test - 无法访问。
我这样使用邮递员:
所以,问题是,为什么我无法从 /test 端点获得响应(无法访问此 url)?
拒绝的错误日志
2022-04-03 21:43:19.854 DEBUG 8872 --- [nio-8080-exec-2]
o.s.s.w.s.HttpSessionRequestCache : Saved request
http://localhost:8080/test to session 2022-04-03 21:43:19.854 DEBUG
8872 --- [nio-8080-exec-2] o.s.s.w.a.Http403ForbiddenEntryPoint :
Pre-authenticated entry point called. Rejecting access 2022-04-03
21:43:19.856 DEBUG 8872 --- [nio-8080-exec-2]
w.c.HttpSessionSecurityContextRepository : Did not store empty
SecurityContext 2022-04-03 21:43:19.857 DEBUG 8872 ---
[nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not
store empty SecurityContext 2022-04-03 21:43:19.857 DEBUG 8872 ---
[nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared
SecurityContextHolder to complete request
我认为您的过滤器链中缺少身份验证机制(例如 http.httpBasic()。请注意,spring.security.basic.enabled 属性 不是在最新版本中启用 HTTP Basic 的正确方法Spring 安全版本。
查看参考文档中 Hello Security 示例的 SecurityConfiguration and the Getting Started 部分。
我有 spring 内存中保存用户的安全配置。用户有什么规则,其中之一是sa\sa。如果一切正常(端点可访问)有几个控制器 return Ok 消息,通过 urls /test 和 /start 调用 get 请求 Spring-仅安全保护/测试端点 Spring-安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("sa")
.password("{noop}sa")
.roles("USER", "USER_ROLE")
.and()
.withUser("na")
.password("na")
.roles("USER", "USER_ROLE");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/test").hasAnyRole("ROLE_USER", "USER", "USER_ROLE")
.and()
.csrf().disable();
}
}
Yaml 配置:
spring:
datasource:
username: user
password: user
driverClassName: org.h2.Driver
security:
basic:
enabled: true
因此,当我通过邮递员向 /start 发送获取请求时 - return 响应正常,如果尝试调用 /test - 无法访问。 我这样使用邮递员:
所以,问题是,为什么我无法从 /test 端点获得响应(无法访问此 url)?
拒绝的错误日志
2022-04-03 21:43:19.854 DEBUG 8872 --- [nio-8080-exec-2] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/test to session 2022-04-03 21:43:19.854 DEBUG 8872 --- [nio-8080-exec-2] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access 2022-04-03 21:43:19.856 DEBUG 8872 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext 2022-04-03 21:43:19.857 DEBUG 8872 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext 2022-04-03 21:43:19.857 DEBUG 8872 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
我认为您的过滤器链中缺少身份验证机制(例如 http.httpBasic()。请注意,spring.security.basic.enabled 属性 不是在最新版本中启用 HTTP Basic 的正确方法Spring 安全版本。
查看参考文档中 Hello Security 示例的 SecurityConfiguration and the Getting Started 部分。