jhipster:没有身份验证的web服务

bpzcxfmw  于 2021-07-08  发布在  Java
关注(0)|答案(2)|浏览(379)

我的jhipster应用程序中有一个web服务,我需要在没有身份验证的情况下调用它:

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

 @Override
    public void configure(WebSecurity web) {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/api/my_method_to_call_unauthenticated")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**");
    }
}

在我的java代码中,我调用了(neo4j)db:

@Override
    public Optional<MyObject> find(String connectionId) {
        return connectionRepository.find(connectionId);
    }

此堆栈跟踪失败:

2020-11-16 14:04:36.637 ERROR 3348 --- [  XNIO-1 task-1] o.a.s.w.r.Resource    : Exception in connectionSynced() with cause = 'NULL' and exception = 'Authentication object cannot be null'

java.lang.IllegalArgumentException: Authentication object cannot be null
    at org.springframework.security.access.expression.SecurityExpressionRoot.<init>(SecurityExpressionRoot.java:60)
    at org.springframework.security.data.repository.query.SecurityEvaluationContextExtension$1.<init>(SecurityEvaluationContextExtension.java:108)
    at org.springframework.security.data.repository.query.SecurityEvaluationContextExtension.getRootObject(SecurityEvaluationContextExtension.java:108)
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider$EvaluationContextExtensionAdapter.<init>(ExtensionAwareEvaluationContextProvider.java:369)
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.lambda$toAdapters$2(ExtensionAwareEvaluationContextProvider.java:159)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.toAdapters(ExtensionAwareEvaluationContextProvider.java:160)
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.access$000(ExtensionAwareEvaluationContextProvider.java:65)
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider$ExtensionAwarePropertyAccessor.<init>(ExtensionAwareEvaluationContextProvider.java:182)
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.getEvaluationContext(ExtensionAwareEvaluationContextProvider.java:110)
    at org.springframework.data.repository.query.ExtensionAwareQueryMethodEvaluationContextProvider.getEvaluationContext(ExtensionAwareQueryMethodEvaluationContextProvider.java:89)
    at org.springframework.data.repository.query.SpelEvaluator.evaluate(SpelEvaluator.java:59)
    at org.neo4j.springframework.data.repository.query.StringBasedNeo4jQuery.bindParameters(StringBasedNeo4jQuery.java:163)
    at org.neo4j.springframework.data.repository.query.StringBasedNeo4jQuery.prepareQuery(StringBasedNeo4jQuery.java:152)
    at org.neo4j.springframework.data.repository.query.AbstractNeo4jQuery.execute(AbstractNeo4jQuery.java:69)
    at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:618)
    at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:605)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:80)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:366)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:118)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:139)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
    at com.sun.proxy.$Proxy184.findOwningPortfolio(Unknown Source)
    at service.impl.ConnectionServiceImpl.find(ConnectionServiceImpl.java:85)

这是我的存储库:

@Repository
public interface ConnectionRepository extends Neo4jRepository<UserConnection, String> {

    @Query("MATCH (t:UserConnection { connection_id: $0 })-[:IN]-(p:Portfolio) RETURN p")
    Optional<Portfolio> find(String connectionId);
}

实际上,我需要在我的(neo4j)存储库中进行身份验证,但我不想,我缺少什么?

apeeds0o

apeeds0o1#

SecurityConfiguration , web.ignoring().antMatchers("/api/my_method_to_call_unauthenticated") 与…冲突 .antMatchers("/api/**").authenticated() 由于url重叠
您应该删除它并添加一个 permitAll() 按正确顺序:

.antMatchers("/api/my_method_to_call_unauthenticated").permitAll()
        .antMatchers("/api/**").authenticated()
zsohkypk

zsohkypk2#

你说得对,嘎ël、 但是在这之后出现的问题是csrf保护,这在这里是不需要的。因此,我设法在没有csrf的情况下使用以下未经验证的web服务:

@Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
            .ignoringAntMatchers("/api/my_method_to_call_unauthenticated") <<<
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and()
--- snip ---
        .and()
            .authorizeRequests()
            .antMatchers("/api/my_method_to_call_unauthenticated").permitAll()
            .antMatchers("/api/**").authenticated()

看这里:Spring Boot

相关问题