Spring Security和KotlinDSL for HttpSecurity -无法允许h2-console

iyr7buue  于 12个月前  发布在  Spring
关注(0)|答案(1)|浏览(200)

我正在使用 Spring Boot 和安全与Kotlin与maven。这是我的SecurityFilterChain

@Bean
fun securityFilterChainDSL(http: HttpSecurity): SecurityFilterChain {
    http {
        cors { disable() }
        csrf { disable() }
        exceptionHandling { authenticationEntryPoint = unauthorizedHandler }
        //httpBasic {}
        authorizeRequests {
            authorize("/api/v1/auth/**", permitAll)
            authorize("/api/v1/swagger/**", permitAll)
            authorize("/swagger**/**", permitAll)
            authorize("/h2-console**/**", permitAll)
            authorize(matches = anyRequest, access = authenticated)
        }
        sessionManagement { sessionCreationPolicy = SessionCreationPolicy.STATELESS }
        headers { frameOptions { disable() } }
        addFilterBefore<UsernamePasswordAuthenticationFilter>(filter = jwtAuthenticationFilter)
    }
    return http.build()
}

字符串
我无法允许h2控制台如下;
http://localhost:8080/h2-console/login.jsp?jsessionid=3daf979688385fbfb46a7df556f61282
但是当我用传统的方式:)效果很好。

@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain =
    http
        .cors { it.disable() }
        .csrf { it.disable() }
        .exceptionHandling {
            it.authenticationEntryPoint(unauthorizedHandler)
        }
        .authorizeHttpRequests {
            it
                .requestMatchers(AntPathRequestMatcher("/api/v1/auth/**")).permitAll()
                .requestMatchers(AntPathRequestMatcher("/api/v1/swagger/**")).permitAll()
                .requestMatchers(AntPathRequestMatcher("/swagger**/**")).permitAll()
                .requestMatchers(AntPathRequestMatcher("/h2-console**/**")).permitAll()
                .anyRequest().authenticated()
        }
        .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
        .headers { it.frameOptions { foc -> foc.disable() } }
        .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
        .build()


我看不出有什么不同,甚至在文件。
x1c 0d1x的数据

qhhrdooz

qhhrdooz1#

好吧,我想出来了,更新了h2控制台匹配器和工作以下的数据库;

authorize(PathRequest.toH2Console(), permitAll)

字符串
完整的bean定义是;

@Bean
fun securityFilterChainDSL(http: HttpSecurity): SecurityFilterChain {
    http {
        cors { disable() }
        csrf { disable() }
        exceptionHandling { authenticationEntryPoint = unauthorizedHandler }
        //httpBasic {}
        authorizeRequests {
            authorize("/api/v1/auth/**", permitAll)
            authorize("/api/v1/swagger/**", permitAll)
            authorize("/swagger**/**", permitAll)
            //authorize("/h2-console**/**", permitAll) -> NOT WORKING
            authorize(PathRequest.toH2Console(), permitAll)
            authorize(matches = anyRequest, access = authenticated)
        }
        sessionManagement { sessionCreationPolicy = SessionCreationPolicy.STATELESS }
        headers { frameOptions { disable() } }
        addFilterBefore<UsernamePasswordAuthenticationFilter>(filter = jwtAuthenticationFilter)
    }
    return http.build()
}

相关问题