从springboot v2.1.7升级到v2.1.8,我们遇到了一个问题,所有端点现在都给出401,而没有记录任何错误。
- 要记住没有其他的变化已经做了,这只是一个版本颠簸。
- 另外要提到的是,在本地运行springboot应用程序时,所有程序都运行良好。在预生产环境中部署时,它只为所有端点提供401
my machine is having ubuntu 22.04
pre-prod machine is having centos ~7.9
we are using java 8 and tomcat这里是我们的网络安全看起来像(这个文件还没有被触及)
import java.util.List;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger logger = Logger.getLogger(WebSecurityConfig.class);
@Value("${roles}")
public String roles;
@Value("${security.allowed.ip}")
private String allowedIp;
@Value("${web.security.config.web.ignore.matchers}")
private List<String> webIgnoreMatchers;
@Value("${web.security.config.http.cors.matchers}")
private List<String> httpCorsMatchers;
@Override
public void configure(WebSecurity web) {
try {
web.ignoring()
.antMatchers(webIgnoreMatchers.stream().toArray(String[]::new));
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
}
@Override
protected void configure(HttpSecurity http) {
try {
http.csrf().disable().cors().and().authorizeRequests()
.antMatchers("/someendpoint").hasIpAddress(allowedIp)
.antMatchers(httpCorsMatchers.stream().toArray(String[]::new))
.permitAll()
.mvcMatchers("/**")
.hasAnyAuthority(roles).anyRequest().authenticated().and()
.oauth2ResourceServer().jwt().jwtAuthenticationConverter(new CustomJwtAuthenticationConverter());
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
}
}
1条答案
按热度按时间6g8kf2rb1#