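I am trying to learn about authentication in Spring Boot. I have set up two endpoints:

[code]
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Endpoint that is meant to require authentication
@RestController
@RequestMapping("/v1/user")
public class UserController {
    @GetMapping("/hello")
    public ResponseEntity<String> sayHelloSecured() {
        System.out.println("said hello from secured endpoint");
        return ResponseEntity.ok("");
    }
}
[/code]

and

[code]
// Endpoint that is meant to be open (same imports as UserController)
@RestController
@RequestMapping("/v1/open")
public class MainController {
    @GetMapping("/hello")
    public ResponseEntity<String> sayHello() {
        System.out.println("said hello");
        return ResponseEntity.ok("");
    }
}
[/code]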
I also have a custom security configuration that uses HTTP Basic authentication. (I plan to move to more serious auth later, but for now I want to learn the basics.)
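[code]
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable()) // lambda DSL; the no-argument csrf() is deprecated
            .authorizeHttpRequests(authorize -> {
                authorize.requestMatchers("/v1/open/**").permitAll();
                authorize.anyRequest().authenticated();
            })
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails user = User.withUsername("user")
                .password(passwordEncoder().encode("password"))
                .roles("USER")
                .build();
        // A UserDetailsService must throw for unknown users; returning null breaks the contract
        return username -> {
            if (!user.getUsername().equals(username)) {
                throw new UsernameNotFoundException(username);
            }
            return user;
        };
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
[/code]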
I use Maven for compilation. My Spring Boot version is 3.4.5 and my Spring Boot security is version 6.4.5. I have logging.level.org.springframework.security=DEBUG in my application.properties file.

2025-05-10T14:05:23.242+02:00 INFO 17808 --- [myfiles] [ main] r$InitializeUserDetailsManagerConfigurer : Global AuthenticationManager configured with UserDetailsService bean with name inMemoryUserDetailsManager
2025-05-10T14:05:23.415+02:00 DEBUG 17808 --- [myfiles] [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with filters: DisableEncodeUrlFilter, WebAsyncManagerIntegrationFilter, SecurityContextHolderFilter, HeaderWriterFilter, CsrfFilter, LogoutFilter, UsernamePasswordAuthenticationFilter, DefaultResourcesFilter, DefaultLoginPageGeneratingFilter, DefaultLogoutPageGeneratingFilter, BasicAuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, ExceptionTranslationFilter, AuthorizationFilter
As I understand this, my custom (and very simple) UserDetailsService is being used. However, when I call the endpoint, I get the following message:

2025-05-10T21:03:05.774+02:00 INFO 22104 --- [myfiles] [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2025-05-10T21:03:05.774+02:00 INFO 22104 --- [myfiles] [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2025-05-10T21:03:05.776+02:00 INFO 22104 --- [myfiles] [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2025-05-10T21:03:05.798+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain defined as 'defaultSecurityFilterChain' in [class path resource [org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration$SecurityFilterChainConfiguration.class]] matching [any request] and having filters [DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, Csrf, Logout, UsernamePasswordAuthentication, DefaultResources, DefaultLoginPageGenerating, DefaultLogoutPageGenerating, BasicAuthentication, RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, ExceptionTranslation, Authorization] (1/1)
2025-05-10T21:03:05.799+02:00 DEBUG 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /v1/open/hello
2025-05-10T21:03:05.801+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/16)
2025-05-10T21:03:05.802+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/16)
2025-05-10T21:03:05.806+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/16)
2025-05-10T21:03:05.808+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/16)
2025-05-10T21:03:05.810+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/16)
2025-05-10T21:03:05.816+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2025-05-10T21:03:05.817+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/16)
2025-05-10T21:03:05.817+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST]
2025-05-10T21:03:05.817+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (7/16)
2025-05-10T21:03:05.818+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2025-05-10T21:03:05.818+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking DefaultResourcesFilter (8/16)
2025-05-10T21:03:05.818+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (9/16)
2025-05-10T21:03:05.819+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (10/16)
2025-05-10T21:03:05.819+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] .w.a.u.DefaultLogoutPageGeneratingFilter : Did not render default logout page since request did not match [Ant [pattern='/logout', GET]]
2025-05-10T21:03:05.819+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking BasicAuthenticationFilter (11/16)
2025-05-10T21:03:05.819+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Did not process authentication request since failed to find username and password in Basic Authorization header
2025-05-10T21:03:05.819+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/16)
2025-05-10T21:03:05.820+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2025-05-10T21:03:05.820+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/16)
2025-05-10T21:03:05.822+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/16)
2025-05-10T21:03:05.823+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (15/16)
2025-05-10T21:03:05.824+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (16/16)
2025-05-10T21:03:05.825+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Authorizing GET /v1/open/hello
2025-05-10T21:03:05.826+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Checking authorization on GET /v1/open/hello using org.springframework.security.authorization.AuthenticatedAuthorizationManager@7c66d301
2025-05-10T21:03:05.827+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2025-05-10T21:03:05.827+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2025-05-10T21:03:05.828+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2025-05-10T21:03:05.832+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2025-05-10T21:03:05.834+02:00 TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.authorization.AuthorizationDeniedException: Access Denied

This seems to give the output twice (for a single curl call) and obviously does not allow me to reach the v1/open/hello endpoint, even though I explicitly added it to be authorized. Thanks
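
Added example, not part of the original post: a small Python check that reads Spring Security log output like the lines above and reports which `SecurityFilterChain` actually served the request and whether that contradicts the intended configuration. It assumes the log format shown in the post; the function name `analyze`, its parameters and the shortened line prefixes in `POST_LOG` are constructed for illustration.

```python
import re

# Chain description that FilterChainProxy prints at TRACE level (format as in the post's log).
CHAIN_RE = re.compile(
    r"Trying to match request against DefaultSecurityFilterChain defined as "
    r"'(?P<bean>[^']+)' in \[(?P<source>.+?)\] matching \[(?P<matcher>.+?)\] "
    r"and having filters \[(?P<filters>[^\]]*)\]"
)
UDS_RE = re.compile(r"UserDetailsService bean with name (?P<bean>\S+)")
BOOT_AUTOCONFIG = "org/springframework/boot/autoconfigure/"

# Two lines taken from the log in the post (timestamp prefix dropped).
POST_LOG = (
    "INFO 17808 --- [myfiles] [ main] r$InitializeUserDetailsManagerConfigurer : "
    "Global AuthenticationManager configured with UserDetailsService bean with name "
    "inMemoryUserDetailsManager\n"
    "TRACE 22104 --- [myfiles] [nio-8080-exec-1] o.s.security.web.FilterChainProxy : "
    "Trying to match request against DefaultSecurityFilterChain defined as "
    "'defaultSecurityFilterChain' in [class path resource [org/springframework/boot/"
    "autoconfigure/security/servlet/SpringBootWebSecurityConfiguration"
    "$SecurityFilterChainConfiguration.class]] matching [any request] and having filters "
    "[DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, "
    "Csrf, Logout, UsernamePasswordAuthentication, DefaultResources, "
    "DefaultLoginPageGenerating, DefaultLogoutPageGenerating, BasicAuthentication, "
    "RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, "
    "ExceptionTranslation, Authorization] (1/1)\n"
)


def analyze(log_text, csrf_disabled=True, expected_uds_bean="userDetailsService"):
    """Report which chain served the request and what contradicts the intended config."""
    report = {"chain_bean": None, "chain_source": None, "filters": [],
              "uds_bean": None, "findings": []}
    for line in log_text.splitlines():
        chain = CHAIN_RE.search(line)
        if chain and report["chain_bean"] is None:
            report["chain_bean"] = chain["bean"]
            report["chain_source"] = chain["source"]
            report["filters"] = [f.strip() for f in chain["filters"].split(",") if f.strip()]
        uds = UDS_RE.search(line)
        if uds:
            report["uds_bean"] = uds["bean"]

    findings = report["findings"]
    if BOOT_AUTOCONFIG in (report["chain_source"] or ""):
        # Boot only creates this chain when the context has no SecurityFilterChain bean.
        findings.append("served by Spring Boot's fallback chain: the application's "
                        "SecurityFilterChain bean is not in the context")
    if csrf_disabled and "Csrf" in report["filters"]:
        findings.append("CsrfFilter is active although the config disables CSRF")
    if report["uds_bean"] and report["uds_bean"] != expected_uds_bean:
        findings.append(f"UserDetailsService bean is '{report['uds_bean']}', "
                        f"expected '{expected_uds_bean}'")
    return report


if __name__ == "__main__":
    for finding in analyze(POST_LOG)["findings"]:
        print("FINDING:", finding)
```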