总是得到403 Forbidden错误,即使它应该返回404 Not错误(Java Spring应用程序问题)

de90aj5v  于 12个月前  发布在  Spring
关注(0)|答案(1)|浏览(222)

我遇到了Java 17 Spring Maven应用程序的问题,因为当我测试我的代码时,它总是在Postman中返回403 Forbidden状态。我在securityFilterChain()方法中找到了问题,但我不确定如何解决这个问题。

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final JwtAuthenticationFilter jwtAuthFilter;

    private final AuthenticationProvider authenticationProvider;
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/api/v1/city/**").permitAll()
                        .requestMatchers("/api/v1/auth/**").permitAll()
                        .anyRequest().authenticated()
                )
                .csrf(AbstractHttpConfigurer::disable)
                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authenticationProvider(authenticationProvider)
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }
}

字符串
有没有人遇到过类似的问题。
先谢谢你了!
当我禁用:.authenticationProvider(authenticationProvider) .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);.requestMatchers("/api/v1/city/**").permitAll() .requestMatchers("/api/v1/auth/**").permitAll()然后它给出正确的响应,但然后我dissable JWT身份验证
Example of problem
Example of problem

laawzig2

laawzig21#

您正在被重定向到/error页面,该页面由spring-security保护。因此您应该允许它
添加

.requestMatchers("/error").permitAll()

字符串

相关问题