I am currently migrating our services to Spring Boot 3 with Spring Security 6.
While doing so, I am stuck on a problem: I want to set up a filter chain for just one group of endpoints:
@Bean
@Order(10)
SecurityFilterChain internalEndpointsFilterChain(HttpSecurity http) {
    http.csrf().disable()
        .sessionManagement().sessionCreationPolicy(STATELESS)
        .and()
        .antMatcher("/cache/**") <<<-- Problem
        .addFilterBefore(sharedSecretAuthenticationFilter(), ExceptionTranslationFilter)
        .exceptionHandling({ exceptionHandling ->
            exceptionHandling.authenticationEntryPoint(new UnauthorizedAuthenticationEntryPoint())
        })
        .authorizeRequests({ authorizeRequests ->
            authorizeRequests.anyRequest().fullyAuthenticated()
        })
        .build()
}
When I migrate this, whatever I change here, I always just get a 401 for these endpoints.
My attempt:
@Bean
@Order(10)
SecurityFilterChain internalEndpointsFilterChain(HttpSecurity http) {
    http.csrf { it.disable() }
        .sessionManagement { it.sessionCreationPolicy(STATELESS) }
        .securityMatcher("/cache/**")
        .addFilterBefore(sharedSecretAuthenticationFilter(), ExceptionTranslationFilter)
        .exceptionHandling({ exceptionHandling ->
            exceptionHandling.authenticationEntryPoint(new UnauthorizedAuthenticationEntryPoint())
        })
        .authorizeHttpRequests({ authorizeRequests ->
            authorizeRequests
                .anyRequest().fullyAuthenticated()
        })
        .build()
}
Edit after the comments: it is important that we need to bind this security chain to the regex above, because we have a different chain for the rest of the endpoints, which is configured in a lib and included in our services:
@Bean
@Order(10)
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .sessionManagement().sessionCreationPolicy(STATELESS)
        .and()
        .addFilterAfter(oauthAuthenticationFilter(jwtProcessor), LogoutFilter)
        .addFilterAfter(authenticationLessModeAuthenticationFilter(), OAuthAuthenticationFilter)
        .exceptionHandling({ exceptionHandling ->
            exceptionHandling.authenticationEntryPoint(new UnauthorizedAuthenticationEntryPoint())
        })
        .authorizeHttpRequests({ authorizeRequests ->
            authorizeRequests
                .requestMatchers(antMatcher("/error")).permitAll()
                .anyRequest().fullyAuthenticated()
        })
        .build()
}
Any idea what I am doing wrong?
1 Answer
If the problem is in the migration, and before the migration the problem was in the internalEndpointsFilterChain configuration. Based on the migration guide
Update
Could you try the following implementation and give me feedback on whether it helps you.
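One Spring Security 6 configuration for the /cache/** chain, added here as an example and not code from the poster or the answer, written in Java rather than the question's Groovy. It assumes the shared-secret filter and the UnauthorizedAuthenticationEntryPoint from the question are available as beans; its one deliberate difference from the question is the @Order value, because both chains in the question carry @Order(10) while a chain that has a securityMatcher must be ordered before the lib's catch-all chain (which has no matcher and therefore accepts every request), otherwise requests to /cache/** never reach the shared-secret filter.

```java
import jakarta.servlet.Filter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.ExceptionTranslationFilter;

@Configuration
@EnableWebSecurity
public class InternalEndpointsSecurityConfig {

    // Assumed to exist elsewhere: the shared-secret filter and the
    // UnauthorizedAuthenticationEntryPoint from the question.
    // Caveat: if the filter is itself a @Bean, Spring Boot also registers it with the
    // servlet container for every request; expose it through a FilterRegistrationBean
    // with setEnabled(false) to keep it scoped to this chain only.
    private final Filter sharedSecretAuthenticationFilter;
    private final AuthenticationEntryPoint unauthorizedEntryPoint;

    public InternalEndpointsSecurityConfig(Filter sharedSecretAuthenticationFilter,
                                           AuthenticationEntryPoint unauthorizedEntryPoint) {
        this.sharedSecretAuthenticationFilter = sharedSecretAuthenticationFilter;
        this.unauthorizedEntryPoint = unauthorizedEntryPoint;
    }

    // Lower @Order value than the lib's catch-all chain (@Order(10) in the question).
    // FilterChainProxy uses the first chain whose matcher accepts the request, and a
    // chain without a securityMatcher accepts everything, so this one must be tried first.
    @Bean
    @Order(1)
    SecurityFilterChain internalEndpointsFilterChain(HttpSecurity http) throws Exception {
        return http
            // Spring Security 6 replacement for antMatcher(): scopes the whole chain to /cache/**
            .securityMatcher("/cache/**")
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Shared-secret check runs before ExceptionTranslationFilter, as in the original chain
            .addFilterBefore(sharedSecretAuthenticationFilter, ExceptionTranslationFilter.class)
            .exceptionHandling(eh -> eh.authenticationEntryPoint(unauthorizedEntryPoint))
            .authorizeHttpRequests(auth -> auth.anyRequest().fullyAuthenticated())
            .build();
    }
}
```

To check the wiring, a request to a /cache/ path without the shared secret should now be rejected by UnauthorizedAuthenticationEntryPoint, one with the secret should pass, and any other path should still be handled by the lib's OAuth chain.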