我正在开发一个Sping Boot 应用,最近从Spring Boot 2迁移到Spring Boot 3。应用使用Spring Security 6。然而,在迁移之后,我在尝试访问H2控制台时遇到了HTTP 403错误。
在我的项目中,我配置了SecurityFilterChain,允许访问某些公共端点,包括H2控制台。
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf((csrf) -> csrf.disable())
.authorizeHttpRequests((authorize) ->
authorize
.requestMatchers(
"/api/auth/login",
"/api/auth/logout",
"/login",
"/h2-console/**"
).permitAll()
.requestMatchers("/admin/**")
.hasAuthority("ROLE_ADMIN")
.anyRequest()
.authenticated()
).logout((logout) ->
logout
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.logoutUrl("/api/auth/logout")
.logoutSuccessUrl("/logout-success")
).headers((headers) ->
headers
.frameOptions(frameOptions -> frameOptions.sameOrigin())
)
;
return http.build();
}当我启动应用程序时,H2控制台可用,我可以通过以下日志消息进行确认:
[2m2023-05-22T23:36:52.924+02:00[0;39m [32m INFO[0;39m [35m8128[0;39m [2m---[0;39m [2m[ restartedMain][0;39m [36mo.s.b.a.h2.H2ConsoleAutoConfiguration [0;39m [2m:[0;39m H2 console available at '/h2-console'. Database available at 'jdbc:h2:~/test'我能够访问允许的端点,没有任何问题。但是,当我尝试访问H2控制台时,收到HTTP 403错误x1c 0d1x
但是我无法访问我的h2-console(我得到一个403 HTTP代码):
我还尝试忽略H2控制台的requestMatcher,因为它有自己的登录访问权限,但我无法确定问题的根本原因。下面是我的配置:
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/h2-console/**");
}当我尝试访问H2控制台URL时,我可以在控制台中看到以下调试信息:
[2m2023-05-22T23:45:07.983+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
[2m2023-05-22T23:45:07.985+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
[2m2023-05-22T23:45:07.985+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
[2m2023-05-22T23:45:07.986+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
[2m2023-05-22T23:45:07.987+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
[2m2023-05-22T23:45:07.987+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
[2m2023-05-22T23:45:07.989+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[2m2023-05-22T23:45:07.990+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[2m2023-05-22T23:45:07.990+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[2m2023-05-22T23:45:07.991+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[2m2023-05-22T23:45:07.991+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[2m2023-05-22T23:45:07.991+02:00[0;39m [32mDEBUG[0;39m [35m8128[0;39m [2m---[0;39m [2m[nio-8080-exec-8][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)有人能帮我解决这个问题吗?对不起我的英语
1条答案
按热度按时间qxsslcnc1#
Spring security 6围绕requestMatchers做了一点改变,它的行为与requestAntMatchers有所不同。
你应该把这个加到你的构建器里,它会起作用的。