启用全局方法安全性会导致 404。

huangapple
go评论78阅读模式
英文:

Enable global method security leads to 404

问题

启用全局方法安全性后,当我调用属于使用@Preauthorized注释进行注解的类的端点时,会出现404/NotFound错误。

这是我的配置:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()

而这是控制器:

@RestController
@RequestMapping(Endpoints.BABBLE.ROOT)
@PreAuthorize("@authenticator.checkIfThunderkickAdmin()")
class BabbleRequestController() {

    @PostMapping(Endpoints.BABBLE.APPEND)
    public fun balances(@RequestBody requestData: AppendRequestData, @RequestHeader(HttpHeaders.AUTHORIZATION) authHeader: String): ResponseEntity<String> {
    ...
}
英文:

When I enable Global Method Security, I get 404/NotFound when I call my endpoint that belongs to a class annotated with @Preauthorized

This is my configuration:

@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()

And this is the controller:

@RestController
@RequestMapping(Endpoints.BABBLE.ROOT)
@PreAuthorize(&quot;@authenticator.checkIfThunderkickAdmin()&quot;)
class BabbleRequestController() {

    @PostMapping(Endpoints.BABBLE.APPEND)
    public fun balances(@RequestBody requestData: AppendRequestData, @RequestHeader(HttpHeaders.AUTHORIZATION)  authHeader : String): ResponseEntity&lt;String&gt; {
    ...

答案1

得分: 3

我猜测你得到了 404 错误,因为你在 @EnableGlobalMethodSecurity 注解中使用了 @PreAuthorize,同时缺少了 proxyTargetClass = true 配置。Spring 丢失了你的控制器,因为它是一个 JDK 代理,而不是 CGLIB 代理,并且不再具有 @RestController。尝试使用以下代码替换它:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true, proxyTargetClass = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()
英文:

I guess you got 404 because you have @PreAuthorize and missing proxyTargetClass = true for @EnableGlobalMethodSecurity annotation. Spring loses your controller because it's a JDK proxy instead of CGLIB and doesn't have @RestController anymore.

Try to replace it with:


@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true, proxyTargetClass = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()

huangapple
  • 本文由 发表于 2020年10月2日 07:11:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/64164299.html
  • java
  • kotlin
  • spring
  • spring-boot
  • spring-security
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定