Spring Security Vaadin 24 在配置类中不允许 permitAll,但允许在视图级别上设置。

huangapple go评论44阅读模式
英文:

Spring Security Vaadin 24 not allow permitAll in configuration class but allow in on view level

问题

Here is the translated code portion:

package com.fractal.security;
import com.fractal.views.LoginView;
import com.fractal.views.about.AboutView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests()
                .requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
        super.configure(http);
        setLoginView(http, LoginView.class);

    }

    @Override
    protected void configure(WebSecurity web) throws Exception {
        web.ignoring().requestMatchers(
                "/VAADIN/**",
                "/favicon.ico",
                "/robots.txt",
                "/manifest.webmanifest",
                "/sw.js",
                "/offline.html",
                "/icons/**",
                "/images/**",
                "/styles/**",
                "/h2-console/**");
        super.configure(web);
    }

    @Bean
    UserDetailsManager userDetailsManager(){
        return new InMemoryUserDetailsManager(
                User.withUsername("test")
                        .password("{noop}test")
                        .roles("USER")
                        .build()

        );
    }
}

Please note that I've removed the HTML entities like " and replaced them with the actual characters to make the code more readable. If you have any further questions or need assistance with the code, feel free to ask.

英文:
package com.fractal.security;
import com.fractal.views.LoginView;
import com.fractal.views.about.AboutView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeHttpRequests()
.requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
super.configure(http);
setLoginView(http, LoginView.class);
}
@Override
protected void configure(WebSecurity web) throws Exception {
web.ignoring().requestMatchers(
"/VAADIN/**",
"/favicon.ico",
"/robots.txt",
"/manifest.webmanifest",
"/sw.js",
"/offline.html",
"/icons/**",
"/images/**",
"/styles/**",
"/h2-console/**");
super.configure(web);
}
@Bean
UserDetailsManager userDetailsManager(){
return new InMemoryUserDetailsManager(
User.withUsername("test")
.password("{noop}test")
.roles("USER")
.build()
);
}
}

> When i'am trying to open any url it is not loading the view. But if I will annotate the view .
> with @PermitAll annotation it will work. How to solve it on configuration class level
> How to fix it anybody can help me on it.

答案1

得分: 1

这正常运行。如果没有指定,默认情况下会假定@DenyAll。因此,您必须在那里使用@PermitAll@AnonymousAllowed@RolesAllowed之一。

英文:

This is working as expected. @DenyAll is the assumed default if there is nothing specified. So you must have either @PermitAll, @AnonymousAllowed or @RolesAllowed there.

huangapple
  • 本文由 发表于 2023年5月14日 03:02:20
  • 转载请务必保留本文链接:https://go.coder-hub.com/76244445.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定