I am using Spring Boot as an API and testing it with Postman. I am trying to implement Spring Security authentication with roles using the following configuration:
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .csrf(csrf -> csrf.ignoringRequestMatchers("/Register"))
        .authorizeHttpRequests(
            (auth) -> {
                auth.requestMatchers("/Register", "/api/PostJob").permitAll();
                auth.requestMatchers("/api/candidate/**").hasRole("candidate");
                auth.requestMatchers("/api/Recruiters/**").hasRole("recruiter");
                auth.requestMatchers("/api/job/**").hasRole("admin");
                auth.anyRequest().authenticated();
            }
        )
        .formLogin(AbstractAuthenticationFilterConfigurer::permitAll)
        .httpBasic(withDefaults());
    return httpSecurity.build();
}
I am using this function to send the authentication request to the ("Register") route:
@PostMapping
public ResponseEntity<Person> createPerson(@RequestBody Person person) {
    System.out.println(person);
    person.password = passwordEncoder.encode(person.password);
    Person person1 = personDetailService.createPerson(person);
    return ResponseEntity.status(HttpStatus.CREATED).body(person1);
}
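When I try to GET Register or PostJob, they work fine, but when I try to POST, I get a 401 code (Unauthorized). I tried disabling the CSRF token or ignoring it, and the result is always the same. I also tried inserting credentials into the database manually and connecting with them, but I got a 500 code. As for the logs, this is what I get: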
2024-05-10T00:19:21.958+01:00 DEBUG 4295 --- [jobquest] [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing POST /error
2024-05-10T00:19:21.958+01:00 DEBUG 4295 --- [jobquest] [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-05-10T00:19:21.958+01:00 DEBUG 4295 --- [jobquest] [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@706c2726, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]
2024-05-10T00:19:21.958+01:00 DEBUG 4295 --- [jobquest] [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using Or [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], And [Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@706c2726, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@706c2726, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@706c2726, matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]
2024-05-10T00:19:21.958+01:00 DEBUG 4295 --- [jobquest] [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@1ae2028d
2024-05-10T00:19:21.958+01:00 DEBUG 4295 --- [jobquest] [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2024-05-10T00:19:21.958+01:00 DEBUG 4295 --- [jobquest] [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@2b63fdbc
I don't understand what exactly the error is. I tried looking for different solutions, but nothing worked.
I think ** no longer works, so try putting the whole path instead.
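Also, if a token is being generated, try inserting it in Postman: under the Request URL bar, go to Authorization, then select your token type in the drop-down menu that appears.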
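If you don't know how to access your token:
>> button to show more tabs. In the "Application" tab, you will see a sidebar on the left containing several sections such as Storage, Cache, etc. auth_token, access_token, jwt, etc. (the exact names may vary).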
@Override
public void configure(WebSecurity web) {
    // Requests matching these patterns skip the Spring Security filter chain entirely.
    web.ignoring().antMatchers("/your/URL/here", "/your/second/URL/here");
}
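This code is part of the Spring Security configuration. It overrides the configure(WebSecurity web) method to tell Spring Security to ignore security checks for certain URL patterns. Don't forget to replace the URLs with your own.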
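The log in the question shows the filter chain securing POST /error as an anonymous request, so the 401 is raised for the error dispatch and hides whatever status the original POST produced. The following is an added example, not code from any of the posts above: a filter chain that permits the ERROR dispatch while keeping the question's role rules. It assumes Spring Security 6.x (jakarta namespace); the class name is hypothetical, and exempting /api/PostJob from CSRF is an assumption based on it being listed under permitAll.

```java
import static org.springframework.security.config.Customizer.withDefaults;

import jakarta.servlet.DispatcherType;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfigExample { // hypothetical class name

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // CSRF is skipped only for the two anonymous POST endpoints (assumption);
            // every other state-changing request still needs a CSRF token.
            .csrf(csrf -> csrf.ignoringRequestMatchers("/Register", "/api/PostJob"))
            .authorizeHttpRequests(auth -> auth
                // Let the container's ERROR dispatch through, so the client sees the
                // real status (403, 500, ...) instead of a 401 raised for /error.
                .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
                .requestMatchers("/Register", "/api/PostJob").permitAll()
                // hasRole("x") checks for the granted authority "ROLE_x".
                .requestMatchers("/api/candidate/**").hasRole("candidate")
                .requestMatchers("/api/Recruiters/**").hasRole("recruiter")
                .requestMatchers("/api/job/**").hasRole("admin")
                .anyRequest().authenticated())
            .formLogin(withDefaults())
            .httpBasic(withDefaults());
        return http.build();
    }

    // Encoder used when storing and verifying passwords; rows inserted into the
    // database by hand must hold a hash in this encoder's format, not plain text.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```

Unlike web.ignoring(), which takes matching requests out of the filter chain altogether, permitAll() keeps them inside it, so security headers and the remaining filters still apply to those endpoints.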