使用Spring Security和Angular时未经授权的错误

Question

我的前端基于Angular 4，后端基于Spring Boot和Spring Security。 我将所有内容都部署在一个WAR文件中。

我/src目录/主/资源创建静态/着陆文件夹，然后我把的WebPack建角文件文件夹中。

角正在登录过程的照顾，所以我创造了春季安全以下规则：

@Configuration 
@EnableWebSecurity 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

@Bean 
public WebMvcConfigurerAdapter mappingIndex() { 
    return new WebMvcConfigurerAdapter() { 
     @Override 
     public void addViewControllers(ViewControllerRegistry registry) { 
     registry.addViewController("/login").setViewName("forward:/landing/index.html"); 
     } 
    }; 
    } 

@Override 
protected void configure(HttpSecurity httpSecurity) throws Exception { 
    .addFilterBefore(new CORSFilter(),ChannelProcessingFilter.class) 
    .antMatchers(/"login/**").permitAll() 
    .anyRequest().authenticated(); 

不幸的是，我总是得到HTTP状态代码401（未授权）试图访问时/登录页面与网页浏览器登录。

我该如何实现以这种方式集成Angular App？因为我的安全规则在REST Apis上正常工作。

Answer 1

.antMatchers(/"login/**").permitAll()看起来不对劲，

试试这个：

@Override 
protected void configure(HttpSecurity httpSecurity) throws Exception { 
    httpSecurity 
      .authorizeRequests() 
      .antMatchers("/login/**").permitAll() 
      .anyRequest().authenticated(); 

} 

如果仍然不起作用，添加到您的application.properties

logging.level.org.springframework.security=trace 
logging.level.org.springframework.web=trace 

和后期输出

Answer 2

阅读本文Spring and Angular JS: A Secure Single Page Application

Answer 3

我跟着弗拉德的评论和不幸的是，它没有帮助。

这是输出：

[DEBUG] 19:17:02 DispatcherServlet - Initializing servlet 'dispatcherServlet' 
[INFO ] 19:17:02 [/] - Initializing Spring FrameworkServlet 'dispatcherServlet' 
[INFO ] 19:17:02 DispatcherServlet - FrameworkServlet 'dispatcherServlet': initialization started 
[DEBUG] 19:17:02 DispatcherServlet - Using MultipartResolver [org.springframework.web.multipart.support.StandardServletMultipartResolver@58f39f9b] 
[DEBUG] 19:17:02 DispatcherServlet - Unable to locate LocaleResolver with name 'localeResolver': using default [org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver@7f8644db] 
[DEBUG] 19:17:02 DispatcherServlet - Unable to locate ThemeResolver with name 'themeResolver': using default [org.springframework.web.servlet.theme.FixedThemeResolver@ba462c6] 
[DEBUG] 19:17:02 DispatcherServlet - Unable to locate RequestToViewNameTranslator with name 'viewNameTranslator': using default [org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@85c9b42] 
[DEBUG] 19:17:02 DispatcherServlet - Unable to locate FlashMapManager with name 'flashMapManager': using default [org.springframework.web.servlet.support.SessionFlashMapManager@50b49835] 
[DEBUG] 19:17:02 DispatcherServlet - Published WebApplicationContext of servlet 'dispatcherServlet' as ServletContext attribute with name [org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcherServlet] 
[INFO ] 19:17:02 DispatcherServlet - FrameworkServlet 'dispatcherServlet': initialization completed in 36 ms 
[DEBUG] 19:17:02 DispatcherServlet - Servlet 'dispatcherServlet' configured successfully 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
[DEBUG] 19:17:02 HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@21e7c9ac 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'CorsFilter' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
[DEBUG] 19:17:02 OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET] 
[DEBUG] 19:17:02 AntPathRequestMatcher - Checking match of request : '/login'; against '/logout' 
[DEBUG] 19:17:02 OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST] 
[DEBUG] 19:17:02 AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /logout 
[DEBUG] 19:17:02 OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT] 
[DEBUG] 19:17:02 AntPathRequestMatcher - Request 'GET /login' doesn't match 'PUT /logout 
[DEBUG] 19:17:02 OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE] 
[DEBUG] 19:17:02 AntPathRequestMatcher - Request 'GET /login' doesn't match 'DELETE /logout 
[DEBUG] 19:17:02 OrRequestMatcher - No matches found 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
[DEBUG] 19:17:02 AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
[DEBUG] 19:17:02 FilterChainProxy - /login at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
[DEBUG] 19:17:02 AntPathRequestMatcher - Checking match of request : '/login'; against '/health' 
[DEBUG] 19:17:02 AntPathRequestMatcher - Checking match of request : '/login'; against '/login/' 
[DEBUG] 19:17:02 FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login; Attributes: [permitAll] 
[DEBUG] 19:17:02 FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 
[DEBUG] 19:17:02 AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4d09a382, returned: 1 
[DEBUG] 19:17:02 FilterSecurityInterceptor - Authorization successful 
[DEBUG] 19:17:02 FilterSecurityInterceptor - RunAsManager did not change Authentication object 
[DEBUG] 19:17:02 FilterChainProxy - /login reached end of additional filter chain; proceeding with original chain 
[TRACE] 19:17:02 DispatcherServlet - Bound request context to thread: SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.connector.RequestFacade@9d86759]] 
[DEBUG] 19:17:02 DispatcherServlet - DispatcherServlet with name 'dispatcherServlet' processing GET request for [/login] 
[TRACE] 19:17:02 DispatcherServlet - Testing handler map [org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping@22ce8639] in DispatcherServlet with name 'dispatcherServlet' 
[TRACE] 19:17:02 DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@3e7f487d] in DispatcherServlet with name 'dispatcherServlet' 
[DEBUG] 19:17:02 RequestMappingHandlerMapping - Looking up handler method for path /login 
[DEBUG] 19:17:02 RequestMappingHandlerMapping - Did not find handler method for [/login] 
[TRACE] 19:17:02 DispatcherServlet - Testing handler map [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping@309b232f] in DispatcherServlet with name 'dispatcherServlet' 
[DEBUG] 19:17:02 SimpleUrlHandlerMapping - Mapping [/login] to HandlerExecutionChain with handler [org.springframework.web.servlet.mvc.ParameterizableViewController@35a0fda3] and 1 interceptor 
[TRACE] 19:17:02 DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter@3982c6c9] 
[TRACE] 19:17:02 DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter@53078313] 
[TRACE] 19:17:02 DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter@3574a6b] 
[DEBUG] 19:17:02 DispatcherServlet - Last-Modified value for [/login] is: -1 
[DEBUG] 19:17:02 BeanNameViewResolver - No matching bean found for view name 'forward:/landing/index.html' 
[TRACE] 19:17:02 DispatcherServlet - Cleared thread-bound request context: SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.connector.RequestFacade@9d86759]] 
[DEBUG] 19:17:02 DispatcherServlet - Could not complete request 
javax.servlet.ServletException: Could not resolve view with name 'forward:/landing/index.html' in servlet with name 'dispatcherServlet' 
    at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1262) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE] 
    at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1037) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE] 
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:980) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE] 
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE] 
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]