问题出在`.requestMatchers().permitAll()`。

huangapple
go评论71阅读模式
英文:

problem with .requestMatchers().permitAll()

问题

以下是翻译好的部分:

"I've finally decided to create an account on this platform because I couldn't find a solution to my problem. I'm not advanced in Java and I'm having trouble with SecurityFilterChain. I want the main "home" page to be visible to everyone without logging in, but it keeps redirecting me to the login page. I've mapped the access points I need and I've been working on it for a while now.

Perhaps someone can spot where the problem is.

Using Spring boot 3.0.2

CODE:

package xxxxxxxxxxxxx

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        UserDetails admin = User.withUsername("admin")
                .password(encoder.encode("pass"))
                .roles("ADMIN")
                .build();

        UserDetails user1 = User.withUsername("user1")
                .password(encoder.encode("pass1"))
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(admin, user1);
    }

    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http.csrf().disable()
                .authorizeHttpRequests()
                .requestMatchers("/home").permitAll()
                .and()
                .authorizeHttpRequests().requestMatchers("/item/**")
                .authenticated().and().formLogin().and().build();

    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}
英文:

I've finally decided to create an account on this platform because I couldn't find a solution to my problem. I'm not advanced in Java and I'm having trouble with SecurityFilterChain. I want the main "home" page to be visible to everyone without logging in, but it keeps redirecting me to the login page. I've mapped the access points I need and I've been working on it for a while now.

Perhaps someone can spot where the problem is.

Using Spring boot 3.0.2

CODE:

package xxxxxxxxxxxxx
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public UserDetailsService userDetailsService(PasswordEncoder encoder) {
UserDetails admin = User.withUsername("admin")
.password(encoder.encode("pass"))
.roles("ADMIN")
.build();
UserDetails user1 = User.withUsername("user1")
.password(encoder.encode("pass1"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(admin,user1);
}
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/home").permitAll()
.and()
.authorizeHttpRequests().requestMatchers("/item/**")
.authenticated().and().formLogin().and().build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

答案1

得分: 1

你忘了从SecurityFilterChain方法中添加@Bean注解。这可能会成为一个问题。

我为您提供这段代码。如果您使用它,您可以在登录后访问所有页面,也可以在登录前访问主页。

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests(requests -> requests
            .requestMatchers("/", "/home").permitAll()
            .anyRequest().authenticated())
        .formLogin(form -> form
            .loginPage("/login")
            .permitAll());
    return http.build();
}
英文:

You forgot the @Bean annotation from the SecurityFilterChain method. It could be a problem.

I let you this code. If you use this you can reach all pages after login, and you can reach home page before login.

<!-- language: java -->

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(requests -&gt; requests
.requestMatchers(&quot;/&quot;, &quot;/home&quot;).permitAll()
.anyRequest().authenticated())
.formLogin(form -&gt; form
.loginPage(&quot;/login&quot;)
.permitAll());
return http.build();
}

huangapple
  • 本文由 发表于 2023年2月23日 21:21:18
  • 转载请务必保留本文链接:https://go.coder-hub.com/75545421.html
  • java
  • spring-security
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定