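I am using Spring Authorization Server here. I have two controllers, one at /user/** and the other at /client/**. What I want is for /user/** to be publicly accessible and /client/** to be accessible only to authenticated users. I use two filter chains: one for the auth server, which redirects all requests starting with /client/** to /login, and another that handles the redirect to the /login page. Here is my configuration: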
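import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.cors.CorsConfigurationSource;

@Configuration
public class WebSecurityConfig {

    // Chain 1: authorization server endpoints
    @Order(1)
    @Bean
    SecurityFilterChain authServerFilterChain(HttpSecurity http, JwtAuthenticationConverter jwtAuthenticationConverter) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
            .oidc(Customizer.withDefaults());
        http.exceptionHandling(ex -> ex.defaultAuthenticationEntryPointFor(
                new LoginUrlAuthenticationEntryPoint("/login"),
                // redirect all unauthenticated /client/** to login
                new AntPathRequestMatcher("/client/**")
            ))
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter)));
        return http.build();
    }

    // Chain 2: everything else, including the form login page
    @Order(2)
    @Bean
    SecurityFilterChain defaultFilterChain(HttpSecurity http, CorsConfigurationSource corsConfigurationSource) throws Exception {
        http
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable())
            .cors(cors -> cors.configurationSource(corsConfigurationSource))
            .authorizeHttpRequests(
                req -> req.requestMatchers("/user/**").permitAll()
                    .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder()
            .build();
    }
}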
This is the user endpoint I am trying to access:
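import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@ResponseBody
@RequestMapping("/user/")
public class UserController {

    private final UserService userService;

    public UserController(UserService userService) {
        this.userService = userService;
    }

    @GetMapping()
    public String hello() {
        return "Hello from User Controller";
    }
}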
I expect to get the output, but instead I am redirected to the /login page.
I tried setting
logging.level.org.springframework.security=debug
which gives:
2024-09-22T14:23:35.456+05:30 INFO 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2024-09-22T14:23:35.457+05:30 INFO 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2024-09-22T14:23:35.459+05:30 INFO 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 2 ms
2024-09-22T14:23:35.492+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /user
2024-09-22T14:23:35.508+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-09-22T14:23:35.512+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Secured GET /user
2024-09-22T14:23:35.548+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /error
2024-09-22T14:23:35.549+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-09-22T14:23:35.553+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login
2024-09-22T14:23:35.580+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing GET /login
2024-09-22T14:23:35.810+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /favicon.ico
2024-09-22T14:23:35.811+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-09-22T14:23:35.812+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login
2024-09-22T14:23:35.825+05:30 DEBUG 131685 --- [spring-oauth2-auth-server] [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Securing GET /login
OK, I have found the solution: this happened because of the trailing slash after user/ in
@RequestMapping("/user/")
so I have updated it to @RequestMapping("/user")
and it works fine.
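
An added example, not part of the original post: a Python sketch that reads Spring Security debug lines like those above and separates login redirects caused by a path's own authorization rule from redirects issued on the `/error` dispatch after the original request had already passed the filter chain, which is the pattern the log shows for `GET /user`. The sample log is constructed from the output above with shortened prefixes; the function and verdict names are hypothetical.

```python
import re

# Constructed sample modelled on the debug output above (prefixes shortened).
SAMPLE_LOG = """\
14:23:35.492 DEBUG 131685 --- [app] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /user
14:23:35.512 DEBUG 131685 --- [app] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Secured GET /user
14:23:35.548 DEBUG 131685 --- [app] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /error
14:23:35.553 DEBUG 131685 --- [app] [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login
14:23:35.810 DEBUG 131685 --- [app] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /favicon.ico
14:23:35.812 DEBUG 131685 --- [app] [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login
"""

# The thread is the last [...] group before the logger name; the message follows " : ".
LINE = re.compile(r"\[(?P<thread>[^\]]+)\]\s+\S+\s+: (?P<msg>.*)$")
EVENT = re.compile(r"^(Securing|Secured|Redirecting to)\s+(?:[A-Z]+\s+)?(\S+)")

MASKED_ERROR = "passed security; the /error dispatch was redirected"
DENIED = "redirected by its own authorization rule"


def triage(log_text):
    """Return (original_path, verdict) for every redirect found in the log."""
    state = {}      # thread -> {"current": path being secured, "passed": last path let through}
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        ev = EVENT.match(m.group("msg")) if m else None
        if not ev:
            continue
        kind, target = ev.groups()
        st = state.setdefault(m.group("thread"), {"current": None, "passed": None})
        if kind == "Securing":
            if target != "/error":      # a fresh request resets the thread's history
                st["passed"] = None
            st["current"] = target
        elif kind == "Secured":         # filter chain finished, request handed on
            st["passed"] = target
        elif st["current"] == "/error" and st["passed"]:
            findings.append((st["passed"], MASKED_ERROR))
        else:
            findings.append((st["current"], DENIED))
    return findings


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{path}: {verdict}")
```

A `MASKED_ERROR` verdict means the security rules let the original path through and the failure happened afterwards, so the request mapping is the place to look rather than the `permitAll()` matcher.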