1. 首页
  2. 问答
  3. Spring Security的405

Spring Security的405

2017-04-11 145 views
1

我已经为我的春天应用程序如下配置:Spring Security的405

@Configuration 
@EnableWebSecurity 
public class MultipleHttpSecurityConfig { 

    @Autowired 
    @Qualifier("customUserDetailsService") 
    UserDetailsService userDetailsService; 

    @Autowired 
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService); 
     auth.authenticationProvider(authenticationProvider()); 
    } 

    @Bean 
    public PlaintextPasswordEncoder passwordEncoder() { 
     return new PlaintextPasswordEncoder(); 
    } 

    @Bean 
    public DaoAuthenticationProvider authenticationProvider() { 
     DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); 
     authenticationProvider.setUserDetailsService(userDetailsService); 
     authenticationProvider.setPasswordEncoder(passwordEncoder()); 
     return authenticationProvider; 
    } 

    @Bean 
    public AuthenticationTrustResolver getAuthenticationTrustResolver() { 
     return new AuthenticationTrustResolverImpl(); 
    } 

    @Configuration 
    @Order(1) 
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { 

     private static String REALM="MY_REALM"; 

     protected void configure(HttpSecurity http) throws Exception { 

      http.csrf().disable() 
      .authorizeRequests() 
      .antMatchers("/api/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
      .and().httpBasic().realmName(REALM).authenticationEntryPoint(getBasicAuthEntryPoint()) 
      .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
     } 

     @Bean 
     public CustomBasicAuthenticationEntryPoint getBasicAuthEntryPoint(){ 
      return new CustomBasicAuthenticationEntryPoint(); 
     } 
    } 

    @Configuration 
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { 

     @Autowired 
     PersistentTokenRepository tokenRepository; 

     @Autowired 
     @Qualifier("customUserDetailsService") 
     UserDetailsService userDetailsService; 

     @Override 
     public void configure(WebSecurity web) throws Exception { 
      web.ignoring().antMatchers("/resources/**"); 
     } 

     @Bean 
     public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() { 
      PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
        "remember-me", userDetailsService, tokenRepository); 
      return tokenBasedservice; 
     } 

     @Override 
     protected void configure(HttpSecurity http) throws Exception { 
      http.authorizeRequests().antMatchers("/", "/index").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/categories", "/category/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/companies", "/company/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/locations", "/location/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')").and() 
        .formLogin().loginPage("/login").loginProcessingUrl("/login").usernameParameter("username") 
        .passwordParameter("password").and().rememberMe().rememberMeParameter("remember-me") 
        .tokenRepository(tokenRepository).tokenValiditySeconds(86400).and().csrf().and().exceptionHandling() 
        .accessDeniedPage("/Access_Denied"); 
     } 
    } 

}

在API网址的,我得到了渴望的结果。但是在Web登录时,我得到HTTP状态405 - 请求方法'POST'不被支持。有任何想法吗?

Spring框架是:4.3.7.RELEASE 春季安全:4.2.2.RELEASE 的degub是:

2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/resources/**' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2017-04-11 19:30:12 DEBUG HstsHeaderWriter:130 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatch 
[email protected] 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', GET] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'GET /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', POST] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/logout' 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', PUT] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'PUT /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', DELETE] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'DELETE /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:72 - No matches found 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2017-04-11 19:30:12 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6fa90ed4: 
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffc7f0c: RemoteIpAddress: 127.0.0.1; Session 
Id: B6EBB4A5A07FDC44D8E19748CE6D5E5E; Granted Authorities: ROLE_ANONYMOUS' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/api/**' 
2017-04-11 19:30:12 DEBUG FilterSecurityInterceptor:210 - Public object - authentication not attempted 
2017-04-11 19:30:12 DEBUG FilterChainProxy:310 - /login reached end of additional filter chain; proceeding with original chain 
2017-04-11 19:30:12 DEBUG DispatcherServlet:865 - DispatcherServlet with name 'dispatcher' processing POST request for [/HeliosCMS/login] 
2017-04-11 19:30:12 DEBUG RequestMappingHandlerMapping:310 - Looking up handler method for path /login 
2017-04-11 19:30:12 DEBUG ExceptionHandlerExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not sup 
ported 
2017-04-11 19:30:12 DEBUG ResponseStatusExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not suppo 
rted 
2017-04-11 19:30:12 DEBUG DefaultHandlerExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not suppo 
rted 
2017-04-11 19:30:12 WARN PageNotFound:215 - Request method 'POST' not supported 
2017-04-11 19:30:12 DEBUG DispatcherServlet:1044 - Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling 
2017-04-11 19:30:12 DEBUG DispatcherServlet:1000 - Successfully completed request 
2017-04-11 19:30:12 DEBUG ExceptionTranslationFilter:116 - Chain processed normally 
2017-04-11 19:30:12 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed

来源

2017-04-11 KostasC

+0

我认为你需要从ApiWebSecurityConfigurationAdapter类 –

回答

1

也许这就是在这个意义上映射的问题,即/login页的处理由API处理程序,所以POST永远不会到达登录控制器。

哪个是API处理程序的映射?它应该是/api/*而不是//*

如果你继承AbstractDispatcherServletInitializer配置的API模块应该是这样的:

 @Override 
     protected String[] getServletMappings() { 
     return new String[] { "/api/*" }; 
     }

如果这不是问题,我反正觉得,阅读日志,一个处理程序没有找到/login,所以你应该调查映射。也许API映射是足够严格的,但web映射不是/。很难说没有看到配置。

您是否在GET中看到/login

来源

2017-04-19 18:14:26

+0

是过滤排除“/登录”链接,我可以看到在拿到/登录。 – KostasC

+0

您需要哪种配置? – KostasC

+0

您使用的AbstractDispatcherServletInitializer子类?我认为这种情况类似于http://stackoverflow.com/a/42881032/1536382,因为有两个mapper api/web,但你看到get ...就像这个问题的其他答案,我不会看到一个名为 –

0

蚂蚁匹配器/登录与您的配置中的任何模式都不匹配。

我猜这个配置中的“/”请求可能直接导致您的登录页面。

您确定您尝试发布的/ HeliosCMS /登录URL是否正确?你的配置中没有其他地方提到这个应用根目录,所以根据你的配置,我希望调度器试图匹配/登录模式,而不是/ HeliosCMS/login。

2017-04-11 19:30:12 DEBUG DispatcherServlet:865 - DispatcherServlet with name 'dispatcher' processing POST request for [/HeliosCMS/login]

来源

2017-04-19 18:32:15

相关问题

 相关问题