"Unauthorized: Full authentication is required to access this resource" when booting up the app

huangapple
go评论73阅读模式
英文:

"Unauthorized: Full authentication is required to access this resource" when booting up the app

问题

这有点烦人,因为我已经解决了最初的问题(就是这个问题),但现在又出现了另一个问题,我自己无法完全调试清楚。

我正在使用JHipster 6.10(Spring Boot 2.2.7.RELEASE)+ React开发我的项目。我最近需要将实体用作目录(以便管理员可以轻松管理),并且它们需要在注册页面上使用。我的第一个问题是,在注册页面中它们不会显示下拉列表,但这个问题与SecurityConfiguration.java有关,所以我添加了以下代码以允许这些实体的访问:

.antMatchers("/api/comunidad-famdals").permitAll()
.antMatchers("/api/ciudads").permitAll()
.antMatchers("/api/estados").permitAll()
.antMatchers("/api/ladrillo-famdals").permitAll()
.antMatchers("/api/pais").permitAll()
.antMatchers("/api/**").authenticated()

而且这似乎完全有效,但是在我首次加载应用程序(开发模式)时,它会抛出下面的错误:

2020-10-09 02:03:33.337 DEBUG 63312 --- [  XNIO-1 task-9] c.f.m.r.CustomAuditEventRepository       : 进入:add(),参数为[AuditEvent [timestamp=2020-10-09T07:03:33.302498Z, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]]
2020-10-09 02:03:33.342 DEBUG 63312 --- [  XNIO-1 task-9] c.f.m.r.CustomAuditEventRepository       : 退出:add(),结果为null
2020-10-09 02:03:33.473  WARN 63312 --- [  XNIO-1 task-9] o.z.problem.spring.common.AdviceTraits   : 未经授权:需要完全认证才能访问此资源
2020-10-09 02:03:33.564  WARN 63312 --- [  XNIO-1 task-9] .m.m.a.ExceptionHandlerExceptionResolver : 已解决 [org.springframework.security.authentication.InsufficientAuthenticationException: 需要完全认证才能访问此资源]

在尝试注册时,下拉列表仍然没有显示任何内容:

"Unauthorized: Full authentication is required to access this resource" when booting up the app

但是,如果我再次返回主页,终端会显示所有查询都已正确执行,而且如果我返回注册页面:

"Unauthorized: Full authentication is required to access this resource" when booting up the app

我想知道是否在我的SecurityConfiguration.java文件中遗漏了什么,或者配置的顺序是否需要不同才能正常工作。

英文:

This is a bit annoying since I've solved the original problem (which was this) but now this is another thing that I can't quite debug myself.

I am using JHispter 6.10 (Spring Boot 2.2.7.RELEASE) + React for my project. I've recently come to the need of using entities as catalogues (so they can be managed easily by an admin) and they need to be used on the register page. My first problem was that they wouldn't the dropdown in the register page, but that problem had to do with SecurityConfiguration.java, so I added the entities to be permitted to All:

.antMatchers("/api/comunidad-famdals").permitAll()
.antMatchers("/api/ciudads").permitAll()
.antMatchers("/api/estados").permitAll()
.antMatchers("/api/ladrillo-famdals").permitAll()
.antMatchers("/api/pais").permitAll()
.antMatchers("/api/**").authenticated()

And that seems to work just fine, but the first time I load the app (in dev mode), it throws the next error:

2020-10-09 02:03:33.337 DEBUG 63312 --- [  XNIO-1 task-9] c.f.m.r.CustomAuditEventRepository       : Enter: add() with argument
展开收缩
 = [AuditEvent [timestamp=2020-10-09T07:03:33.302498Z, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]]
2020-10-09 02:03:33.342 DEBUG 63312 --- [  XNIO-1 task-9] c.f.m.r.CustomAuditEventRepository       : Exit: add() with result = null
2020-10-09 02:03:33.473  WARN 63312 --- [  XNIO-1 task-9] o.z.problem.spring.common.AdviceTraits   : Unauthorized: Full authentication is required to access this resource
2020-10-09 02:03:33.564  WARN 63312 --- [  XNIO-1 task-9] .m.m.a.ExceptionHandlerExceptionResolver : Resolved [org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource]

And when trying to register, the dropdown still doesn't show anything:

"Unauthorized: Full authentication is required to access this resource" when booting up the app

But if I go home once again, the terminal shows that all the queries have been done correctly, and sure enough, if I go back to the register page:

"Unauthorized: Full authentication is required to access this resource" when booting up the app

I would like to know if I am missing something on my SecurityConfiguration.java or if the order of the configuration needs to be different for it to work properly.

答案1

得分: 1

你必须在Spring Boot配置(SecurityConfiguration.java)中为你的端点授予权限。

HttpSecurity.authorizeRequests()添加一个新的antMatchers参数,它应该像这样:

http
  .authorizeRequests()
  .antMatchers("/api/yourEndpoint").permitAll()

当然,你需要选择谁有权调用这个端点。

希望对你有用 "Unauthorized: Full authentication is required to access this resource" when booting up the app

英文:

you have to give permissions to your endpoint in the Spring Boot Configuration (SecurityConfiguration.java)

add a new antMatchers parameter to the HttpSecurity.authorizeRequests() it should look like this:

<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-java -->

http
  .authorizeRequests()
  .antMatchers(&quot;/api/yourEndpoint&quot;).permitAll()

<!-- end snippet -->

of course you have to select who has authority to call this endpoint

Hope it works for you "Unauthorized: Full authentication is required to access this resource" when booting up the app

huangapple
  • 本文由 发表于 2020年10月9日 15:29:59
  • 转载请务必保留本文链接:https://go.coder-hub.com/64275716.html
  • java
  • jhipster
  • reactjs
  • spring-boot
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定