Spring security不允许我从移动仿真器调用端点
Spring security不允许我从移动仿真器调用端点
提问于 2021-08-03 19:53:40
这是我的spring安全配置。
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService myUserDetailService;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(
"api/authenticate/**", "/v2/api-docs", "/configuration/ui",
"/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**",
"/register", "/api/addAdmin", "/api/authenticate", "/api/allAvailableTentsInExactTimeslotsRange",
"/actuator/**","/api/resident","/api/fetch-login-page"
)
.permitAll()
.anyRequest()
.authenticated()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS); // Tell Spring Security to create sessions
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
// I don't want to do any hashing
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Bean
public AuthenticationManager authenticationmanager() throws Exception{
return super.authenticationManager();
}
}这是我的控制器类
@RestController
@RequestMapping("/api")
@CrossOrigin(origins = "*")
public class LoginPageController {
final LoginPageRepository loginPageRepository;
final LoginPageServiceImpl loginPageServiceImpl;
public LoginPageController(LoginPageRepository loginPageRepository, LoginPageServiceImpl loginPageServiceImpl) {
this.loginPageRepository = loginPageRepository;
this.loginPageServiceImpl = loginPageServiceImpl;
}
@ApiOperation(value = "Retrieve the login page customisation", response = LoginPageDto.class)
@ApiResponses(value = {
@ApiResponse(code = 200, response = LoginPageDto.class, message = "Successfully retrieved login page"),
@ApiResponse(code = 401, message = "You are not authorized to view the resource"),
@ApiResponse(code = 403, message = "Accessing the resource you were trying to reach is forbidden"),
@ApiResponse(code = 404, message = "The resource you were trying to reach is not found")})
@GetMapping(value = "/fetch-login-page")
public ResponseEntity<LoginPageDto> fetchLoginPage() {
LoginPageDto tempLoginPageFto = loginPageServiceImpl.loginPageEntityToLoginPageDto(loginPageRepository.findFirstByLoginPageId(1L));
return ResponseEntity.ok(tempLoginPageFto);
}
}如果我从swagger调用我的端点,无需任何身份验证,它就像一个咒语
然而,当我试图从我的移动仿真器调用端点时,我在服务器站点上得到了这个错误:
2021-08-03 22:41:16.782 DEBUG 3088 --- [nio-8083-exec-3] o.s.security.web.FilterChainProxy : Securing GET /api/fetch-login-page/
2021-08-03 22:41:16.782 DEBUG 3088 --- [nio-8083-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-08-03 22:41:16.782 DEBUG 3088 --- [nio-8083-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2021-08-03 22:41:16.783 DEBUG 3088 --- [nio-8083-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [GET /api/fetch-login-page/] with attributes [authenticated]
2021-08-03 22:41:16.783 DEBUG 3088 --- [nio-8083-exec-3] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2021-08-03 22:41:16.783 DEBUG 3088 --- [nio-8083-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-08-03 22:41:16.783 DEBUG 3088 --- [nio-8083-exec-3] o.s.security.web.FilterChainProxy : Securing GET /error
2021-08-03 22:41:16.783 DEBUG 3088 --- [nio-8083-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-08-03 22:41:16.783 DEBUG 3088 --- [nio-8083-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2021-08-03 22:41:16.783 DEBUG 3088 --- [nio-8083-exec-3] o.s.security.web.FilterChainProxy : Secured GET /error
2021-08-03 22:41:16.786 DEBUG 3088 --- [nio-8083-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request在Android应用程序中,我使用retrofit进行调用。我知道我必须从我的pc使用actuall才能使其工作。事实上,我有很多没有启用spring安全的应用程序,它们工作得很完美。
在android studio上,这是我的升级配置:
public class RetrofitConfig {
public static Retrofit retrofit;
public static Retrofit getClient() {
if (retrofit == null) {
retrofit = new Retrofit.Builder()
.baseUrl("http://192.168.1.1:8083/api/")
.addConverterFactory(GsonConverterFactory.create())
.build();
}
return retrofit;
}
}这是我的API类
public interface myAPI {
@GET("fetch-login-page/")
Call<MainActivityModel> fetchLoginPage();
}在这里我实现了实际的调用
public void fetchLoginPage() {
MyAPI myAPI = RetrofitConfig.getClient().create(MyAPI.class);
Call<MainActivityModel> call = myAPI.fetchLoginPage();
call.enqueue(new Callback<MainActivityModel>() {
@Override
public void onResponse(Call<MainActivityModel> call, Response<MainActivityModel> response) {
textViewOtp.setText(response.body().getTextViewOtp());
getSupportActionBar().setTitle(response.body().getSupportActionBarString());
}
@Override
public void onFailure(Call<MainActivityModel> call, Throwable t) {
t.getStackTrace();
}
});
}在客户端,我得到403
Response{protocol=http/1.1, code=403, message=, url=http://192.168.1.1:8083/api/fetch-login-page/}你能告诉我spring-security中遗漏了什么配置吗?非常感谢!
回答 1
Stack Overflow用户
回答已采纳
发布于 2021-08-06 14:57:15
好的,答案毕竟很简单。在antMatchers中的srping安全性中,我将
/api/fetch-login-page但在我的电话里,我打电话给
/api/fetch-login-page/以"/“结尾。将我的调用更改为确切的url,一切都正常。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/68642072
复制相关文章
相似问题
腾讯云开发者
