英文:
problem with .requestMatchers().permitAll()
问题
以下是翻译好的部分:
"I've finally decided to create an account on this platform because I couldn't find a solution to my problem. I'm not advanced in Java and I'm having trouble with SecurityFilterChain. I want the main "home" page to be visible to everyone without logging in, but it keeps redirecting me to the login page. I've mapped the access points I need and I've been working on it for a while now.
Perhaps someone can spot where the problem is.
Using Spring boot 3.0.2
CODE:
package xxxxxxxxxxxxx
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public UserDetailsService userDetailsService(PasswordEncoder encoder) {
UserDetails admin = User.withUsername("admin")
.password(encoder.encode("pass"))
.roles("ADMIN")
.build();
UserDetails user1 = User.withUsername("user1")
.password(encoder.encode("pass1"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(admin, user1);
}
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/home").permitAll()
.and()
.authorizeHttpRequests().requestMatchers("/item/**")
.authenticated().and().formLogin().and().build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
英文:
I've finally decided to create an account on this platform because I couldn't find a solution to my problem. I'm not advanced in Java and I'm having trouble with SecurityFilterChain. I want the main "home" page to be visible to everyone without logging in, but it keeps redirecting me to the login page. I've mapped the access points I need and I've been working on it for a while now.
Perhaps someone can spot where the problem is.
Using Spring boot 3.0.2
CODE:
package xxxxxxxxxxxxx
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public UserDetailsService userDetailsService(PasswordEncoder encoder) {
UserDetails admin = User.withUsername("admin")
.password(encoder.encode("pass"))
.roles("ADMIN")
.build();
UserDetails user1 = User.withUsername("user1")
.password(encoder.encode("pass1"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(admin,user1);
}
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/home").permitAll()
.and()
.authorizeHttpRequests().requestMatchers("/item/**")
.authenticated().and().formLogin().and().build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
答案1
得分: 1
你忘了从SecurityFilterChain
方法中添加@Bean
注解。这可能会成为一个问题。
我为您提供这段代码。如果您使用它,您可以在登录后访问所有页面,也可以在登录前访问主页。
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(requests -> requests
.requestMatchers("/", "/home").permitAll()
.anyRequest().authenticated())
.formLogin(form -> form
.loginPage("/login")
.permitAll());
return http.build();
}
英文:
You forgot the @Bean
annotation from the SecurityFilterChain
method. It could be a problem.
I let you this code. If you use this you can reach all pages after login, and you can reach home page before login.
<!-- language: java -->
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(requests -> requests
.requestMatchers("/", "/home").permitAll()
.anyRequest().authenticated())
.formLogin(form -> form
.loginPage("/login")
.permitAll());
return http.build();
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论