
我有一個基於 Spring MVC 和 OAuth2 的 REST API。Spring Security：在 HttpSecurity 中進行全局配置時，hasAuthority 被忽略。

爲了支持 hasRole、hasAuthority 之類的表達式，我添加了以下表達式處理程序配置：

/**
 * Enables {@code @PreAuthorize}/{@code @PostAuthorize} on annotated methods and
 * installs the OAuth2-aware expression handler, so that expressions such as
 * {@code hasAuthority(...)} are evaluated against the OAuth2 authentication.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    /**
     * Supplies the expression handler used by method-level security annotations.
     *
     * @return a new {@link OAuth2MethodSecurityExpressionHandler}
     */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        final MethodSecurityExpressionHandler oauth2Handler = new OAuth2MethodSecurityExpressionHandler();
        return oauth2Handler;
    }
}

對於帶有 @PreAuthorize 註解的控制器方法，這是有效的：

/**
 * Lists experiments as JSON.
 *
 * Authorization here is enforced by the method-security interceptor enabled in
 * {@code MethodSecurityConfig}: the {@code @PreAuthorize} expression is evaluated
 * before the body runs, independently of any URL rules in {@code HttpSecurity}.
 */
@RequestMapping(value = "/list", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
@PreAuthorize("hasAuthority('ROLE_USER')") // This works as expected
public List<Experiment> getExperimentList() {
    //...
}

但是，我無法讓此配置對所有控制器全局生效：

/**
 * Web-layer security for the API: registers the application's
 * {@link MyAppAuthenticationProvider}, answers unauthenticated requests with a
 * bare 401, and excludes the registration endpoint from the filter chain.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the application-specific authentication provider with the
     * global {@link AuthenticationManagerBuilder}.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth, MyAppAuthenticationProvider authenticationProvider) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): super.configure(http) layers the adapter's default rules
        // (form login / HTTP basic) on top of the ones below — confirm that is
        // intended for a bearer-token API.
        super.configure(http);

        // NOTE(review): the request log shows FilterSecurityInterceptor evaluating only
        // "#oauth2.throwOnError(#oauth2.hasScope('trust'))" for /api/** requests, so
        // this rule appears to be shadowed by the @EnableResourceServer filter chain
        // rather than being applied.
        http.authorizeRequests()
            .antMatchers("/api/**").hasAuthority("ROLE_USER") // This has no effect
            .anyRequest().fullyAuthenticated();

        // Reply with a plain 401 instead of redirecting to a login page.
        http.exceptionHandling()
            .authenticationEntryPoint((request, response, authException) -> {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            });
    }

    /**
     * Excludes the registration endpoint from Spring Security entirely.
     * Requests matching an ignored pattern skip the whole filter chain — no
     * authentication, no security headers — so prefer {@code permitAll()} in
     * {@code configure(HttpSecurity)} when the chain should still run for a
     * public endpoint.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/api/users/register/**");
    }
}

我遺漏了什麼？

更新1：Spring 處理該請求時的日誌

12:13:37.689 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - REQUEST for //localhost:3000/api/strategies/BenchmarkAlgos/layouts on [email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts} 
GET //localhost:3000/api/strategies/BenchmarkAlgos/layouts HTTP/1.1 
Accept-Language: en-US,en;q=0.8 
Accept-Encoding: gzip, deflate, sdch, br 
Referer: http://localhost:3000/strategies/BenchmarkAlgos 
Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJkZWx0aXgud2JidC5hdXRoZW50aWNhdGlvbi5Vc2VyQ29udGV4dEA2ZjY 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 
Accept: application/json, text/plain, */* 
Connection: close 
Host: localhost:3000 


12:13:37.689 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpChannel - [email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list} onRequestComplete 
12:13:37.689 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - [email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts} onRequestComplete 
12:13:37.689 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpInput - [email protected][c=0,q=1,[0]=EOF,s=STREAM] addContent EOF 
12:13:37.690 [qtp114109618-22] DEBUG o.e.jetty.server.HttpConnection - [email protected][[email protected]{/127.0.0.1:43538<->9990,Open,in,out,-,-,9/30000,[email protected]}{io=0/0,kio=0,kro=1}][p=HttpParser{s=END,0 of 0},[email protected]{s=START},[email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list}] parsed true HttpParser{s=END,0 of 0} 
12:13:37.690 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpInput - [email protected][c=0,q=1,[0]=EOF,s=STREAM] addContent EOF 
12:13:37.690 [qtp114109618-22] DEBUG o.e.jetty.server.HttpConnection - releaseRequestBuffer [email protected][[email protected]{/127.0.0.1:43538<->9990,Open,in,out,-,-,9/30000,[email protected]}{io=0/0,kio=0,kro=1}][p=HttpParser{s=END,0 of 0},[email protected]{s=START},[email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list}] 
12:13:37.690 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpChannel - [email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list} handle //localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list 
12:13:37.690 [qtp114109618-21] DEBUG o.e.jetty.server.HttpConnection - [email protected][[email protected]{/127.0.0.1:43537<->9990,Open,in,out,-,-,9/30000,[email protected]}{io=0/0,kio=0,kro=1}][p=HttpParser{s=END,0 of 0},[email protected]{s=START},[email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts}] parsed true HttpParser{s=END,0 of 0} 
12:13:37.690 [qtp114109618-22] DEBUG o.e.jetty.server.HttpChannelState - [email protected]{s=IDLE a=NOT_ASYNC i=true r=!P!U w=false} handling IDLE 
12:13:37.690 [qtp114109618-21] DEBUG o.e.jetty.server.HttpConnection - releaseRequestBuffer [email protected][[email protected]{/127.0.0.1:43537<->9990,Open,in,out,-,-,9/30000,[email protected]}{io=0/0,kio=0,kro=1}][p=HttpParser{s=END,0 of 0},[email protected]{s=START},[email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts}] 
12:13:37.690 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - [email protected]{r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts} handle //localhost:3000/api/strategies/BenchmarkAlgos/layouts 
12:13:37.690 [qtp114109618-21] DEBUG o.e.jetty.server.HttpChannelState - [email protected]{s=IDLE a=NOT_ASYNC i=true r=!P!U w=false} handling IDLE 
12:13:37.691 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpChannel - [email protected]{r=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list} action DISPATCH 
12:13:37.691 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - [email protected]{r=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts} action DISPATCH 
12:13:37.692 [qtp114109618-21] DEBUG org.eclipse.jetty.server.Server - REQUEST GET /api/strategies/BenchmarkAlgos/layouts on [email protected]{r=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts} 
12:13:37.692 [qtp114109618-22] DEBUG org.eclipse.jetty.server.Server - REQUEST GET /api/strategies/BenchmarkAlgos/experiment-set/list on [email protected]{r=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list} 
12:13:37.692 [qtp114109618-22] DEBUG o.e.j.server.handler.ContextHandler - scope null||/api/strategies/BenchmarkAlgos/experiment-set/list @ [email protected]{/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE} 
12:13:37.692 [qtp114109618-21] DEBUG o.e.j.server.handler.ContextHandler - scope null||/api/strategies/BenchmarkAlgos/layouts @ [email protected]{/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE} 
12:13:37.693 [qtp114109618-22] DEBUG o.e.j.server.handler.ContextHandler - context=||/api/strategies/BenchmarkAlgos/experiment-set/list @ [email protected]{/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE} 
12:13:37.693 [qtp114109618-21] DEBUG o.e.j.server.handler.ContextHandler - context=||/api/strategies/BenchmarkAlgos/layouts @ [email protected]{/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE} 
12:13:37.693 [qtp114109618-21] DEBUG org.eclipse.jetty.server.session - ses[email protected]2f1f9515 
12:13:37.693 [qtp114109618-22] DEBUG org.eclipse.jetty.server.session - ses[email protected]2f1f9515 
12:13:37.693 [qtp114109618-21] DEBUG org.eclipse.jetty.server.session - session=null 
12:13:37.693 [qtp114109618-22] DEBUG org.eclipse.jetty.server.session - session=null 
12:13:37.693 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - servlet |/api/strategies/BenchmarkAlgos/layouts|null -> [email protected]==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true 
12:13:37.693 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - servlet |/api/strategies/BenchmarkAlgos/experiment-set/list|null -> [email protected]==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true 
12:13:37.701 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - chain=characterEncodingFilter->hiddenHttpMethodFilter->httpPutFormContentFilter->requestContextFilter->springSecurityFilterChain->Jetty_WebSocketUpgradeFilter->[email protected]==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true 
12:13:37.701 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - chain=characterEncodingFilter->hiddenHttpMethodFilter->httpPutFormContentFilter->requestContextFilter->springSecurityFilterChain->Jetty_WebSocketUpgradeFilter->[email protected]==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true 
12:13:37.702 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter characterEncodingFilter 
12:13:37.702 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter characterEncodingFilter 
12:13:37.705 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter hiddenHttpMethodFilter 
12:13:37.705 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter hiddenHttpMethodFilter 
12:13:37.705 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter httpPutFormContentFilter 
12:13:37.705 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter httpPutFormContentFilter 
12:13:37.705 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter requestContextFilter 
12:13:37.705 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter requestContextFilter 
12:13:37.710 [qtp114109618-21] DEBUG o.s.b.w.f.OrderedRequestContextFilter - Bound request context to thread: Request(GET //localhost:3000/api/strategies/BenchmarkAlgos/layouts)@660ca9ae 
12:13:37.710 [qtp114109618-22] DEBUG o.s.b.w.f.OrderedRequestContextFilter - Bound request context to thread: Request(GET //localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list)@577e2d42 
12:13:37.710 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter springSecurityFilterChain 
12:13:37.710 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter springSecurityFilterChain 
12:13:37.710 [qtp114109618-21] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'springSecurityFilterChain' 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/api/users/register/**' 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/api/users/register/**' 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token'] 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token'] 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/oauth/token' 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/oauth/token' 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token_key'] 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token_key'] 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/oauth/token_key' 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/oauth/token_key' 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/check_token'] 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/check_token'] 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/oauth/check_token' 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/oauth/check_token' 
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found 
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found 
12:13:37.712 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
12:13:37.712 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
12:13:37.714 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
12:13:37.714 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
12:13:37.714 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
12:13:37.714 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
12:13:37.716 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
12:13:37.716 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET] 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET] 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/logout' 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/logout' 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST] 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST] 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/experiment-set/list' doesn't match 'POST /logout 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/layouts' doesn't match 'POST /logout 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT] 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT] 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/experiment-set/list' doesn't match 'PUT /logout 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/layouts' doesn't match 'PUT /logout 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE] 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE] 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/experiment-set/list' doesn't match 'DELETE /logout 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/layouts' doesn't match 'DELETE /logout 
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found 
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found 
12:13:37.716 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter' 
12:13:37.716 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter' 
12:13:37.730 [qtp114109618-22] DEBUG o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter - Authentication success: or[email protected]5ba6fe75: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: {authority=ROLE_ADMINISTRATOR} 
12:13:37.730 [qtp114109618-21] DEBUG o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter - Authentication success: or[email protected]5ba6fe75: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: {authority=ROLE_ADMINISTRATOR} 
12:13:37.730 [qtp114109618-22] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'webSocketEventListener' 
12:13:37.730 [qtp114109618-22] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener' 
12:13:37.730 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
12:13:37.730 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
12:13:37.732 [qtp114109618-21] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'or[email protected]5ba6fe75: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: {authority=ROLE_ADMINISTRATOR}' 
12:13:37.732 [qtp114109618-22] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'or[email protected]5ba6fe75: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: {authority=ROLE_ADMINISTRATOR}' 
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
12:13:37.732 [qtp114109618-22] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.w[email protected]4349f52c 
12:13:37.732 [qtp114109618-21] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.w[email protected]4349f52c 
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/api/**' 
12:13:37.733 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/api/**' 
12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /api/strategies/BenchmarkAlgos/layouts; Attributes: [#oauth2.throwOnError(#oauth2.hasScope('trust'))] 
12:13:37.733 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /api/strategies/BenchmarkAlgos/experiment-set/list; Attributes: [#oauth2.throwOnError(#oauth2.hasScope('trust'))] 
12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: or[email protected]5ba6fe75: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: {authority=ROLE_ADMINISTRATOR} 
12:13:37.733 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: or[email protected]5ba6fe75: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: {authority=ROLE_ADMINISTRATOR} 
12:13:37.738 [qtp114109618-22] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.sp[email protected]a26c51a, returned: 1 
12:13:37.738 [qtp114109618-21] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.sp[email protected]a26c51a, returned: 1 
12:13:37.738 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful 
12:13:37.738 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful 
12:13:37.738 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object 
12:13:37.738 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object 
12:13:37.739 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list reached end of additional filter chain; proceeding with original chain 
12:13:37.739 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter Jetty_WebSocketUpgradeFilter 
12:13:37.739 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts reached end of additional filter chain; proceeding with original chain 
12:13:37.739 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter Jetty_WebSocketUpgradeFilter 
12:13:37.739 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call servlet [email protected]==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true 
12:13:37.739 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call servlet [email protected]==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true 
12:13:37.740 [qtp114109618-21] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcherServlet' processing GET request for [/api/strategies/BenchmarkAlgos/layouts] 
12:13:37.740 [qtp114109618-22] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcherServlet' processing GET request for [/api/strategies/BenchmarkAlgos/experiment-set/list] 
12:13:37.743 [qtp114109618-21] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /api/strategies/BenchmarkAlgos/layouts 
12:13:37.743 [qtp114109618-22] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /api/strategies/BenchmarkAlgos/experiment-set/list 
12:13:37.753 [qtp114109618-21] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Returning handler method [public java.util.List<mycompany.wbbt.strategy.data.Manifest> mycompany.wbbt.controllers.StrategiesController.getLayoutManifests(java.lang.String,java.security.Principal) throws java.io.IOException] 
12:13:37.753 [qtp114109618-21] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'strategiesController' 
12:13:37.753 [qtp114109618-22] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Returning handler method [public java.util.List<mycompany.wbbt.strategy.dto.experiment.ExperimentSetDto> mycompany.wbbt.controllers.ExperimentSetResultsController.getExperimentSetListForUser(java.lang.String,java.security.Principal)] 
12:13:37.754 [qtp114109618-22] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'experimentSetResultsController' 
12:13:37.754 [qtp114109618-21] DEBUG o.s.web.servlet.DispatcherServlet - Last-Modified value for [/api/strategies/BenchmarkAlgos/layouts] is: -1 
12:13:37.754 [qtp114109618-22] DEBUG o.s.web.servlet.DispatcherServlet - Last-Modified value for [/api/strategies/BenchmarkAlgos/experiment-set/list] is: -1 
12:13:37.754 [qtp114109618-22] DEBUG o.s.o.j.s.OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor 
12:13:37.754 [qtp114109618-21] DEBUG o.s.o.j.s.OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor 

回答


好的,我明白了。

我把 hasAuthority 檢查放在了錯誤的地方。我把它放在了

public class WebSecurityConfig extends WebSecurityConfigurerAdapter 

而正確的位置是

protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter 

這樣就能按預期工作：

/**
 * Web-layer security shared by the whole application: registers the
 * {@link WbbtAuthenticationProvider}, answers unauthenticated requests with a
 * bare 401, and excludes the registration endpoint from the filter chain.
 * URL authorization for {@code /api/**} is deliberately not configured here;
 * it lives in {@code ResourceServerConfiguration}, whose filter chain handles
 * bearer-token requests.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the application-specific authentication provider with the
     * global {@link AuthenticationManagerBuilder}.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth, WbbtAuthenticationProvider authenticationProvider) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    /**
     * Replaces the default login redirect with a plain 401 so API clients get a
     * machine-readable failure.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
            .authenticationEntryPoint((request, response, authException) -> {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            });
    }

    /**
     * Excludes the registration endpoint from Spring Security entirely.
     * Ignored requests bypass the whole filter chain (no authentication, no
     * security headers); use {@code permitAll()} inside the resource server's
     * {@code configure(HttpSecurity)} instead if the chain should still run.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/api/users/register/**");
    }
}

/**
 * Resource-server filter chain for bearer-token requests. This is where URL
 * authorization for {@code /api/**} must be declared: the resource server owns
 * its own {@link HttpSecurity}, so rules placed in {@code WebSecurityConfig}
 * are not consulted for these requests.
 */
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    /**
     * Names this resource server; tokens are only accepted for resource id "web".
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("web");
    }

    /**
     * Requires {@code ROLE_USER} for every API path and full authentication for
     * everything else.
     *
     * NOTE(review): the request log shows the bearer token carrying only
     * ROLE_ADMINISTRATOR, so administrators will be denied here unless they
     * also hold ROLE_USER or a role hierarchy maps it — confirm.
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/api/**").access("hasAuthority('ROLE_USER')")
            .anyRequest().fullyAuthenticated();
    }
}