英文:
Spring Security Vaadin 24 not allow permitAll in configuration class but allow in on view level
问题
Here is the translated code portion:
package com.fractal.security;
import com.fractal.views.LoginView;
import com.fractal.views.about.AboutView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeHttpRequests()
.requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
super.configure(http);
setLoginView(http, LoginView.class);
}
@Override
protected void configure(WebSecurity web) throws Exception {
web.ignoring().requestMatchers(
"/VAADIN/**",
"/favicon.ico",
"/robots.txt",
"/manifest.webmanifest",
"/sw.js",
"/offline.html",
"/icons/**",
"/images/**",
"/styles/**",
"/h2-console/**");
super.configure(web);
}
@Bean
UserDetailsManager userDetailsManager(){
return new InMemoryUserDetailsManager(
User.withUsername("test")
.password("{noop}test")
.roles("USER")
.build()
);
}
}
Please note that I've removed the HTML entities like " and replaced them with the actual characters to make the code more readable. If you have any further questions or need assistance with the code, feel free to ask.
英文:
package com.fractal.security;
import com.fractal.views.LoginView;
import com.fractal.views.about.AboutView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeHttpRequests()
.requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
super.configure(http);
setLoginView(http, LoginView.class);
}
@Override
protected void configure(WebSecurity web) throws Exception {
web.ignoring().requestMatchers(
"/VAADIN/**",
"/favicon.ico",
"/robots.txt",
"/manifest.webmanifest",
"/sw.js",
"/offline.html",
"/icons/**",
"/images/**",
"/styles/**",
"/h2-console/**");
super.configure(web);
}
@Bean
UserDetailsManager userDetailsManager(){
return new InMemoryUserDetailsManager(
User.withUsername("test")
.password("{noop}test")
.roles("USER")
.build()
);
}
}
> When i'am trying to open any url it is not loading the view. But if I will annotate the view .
> with @PermitAll annotation it will work. How to solve it on configuration class level
> How to fix it anybody can help me on it.
答案1
得分: 1
这正常运行。如果没有指定,默认情况下会假定@DenyAll。因此,您必须在那里使用@PermitAll、@AnonymousAllowed或@RolesAllowed之一。
英文:
This is working as expected. @DenyAll is the assumed default if there is nothing specified. So you must have either @PermitAll, @AnonymousAllowed or @RolesAllowed there.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论