1. 首頁
  2. 問答
  3. Spring Security的405

Spring Security的405

2017-04-11 146 views
1

我已經爲我的春天應用程序如下配置:Spring Security的405

@Configuration 
@EnableWebSecurity 
public class MultipleHttpSecurityConfig { 

    @Autowired 
    @Qualifier("customUserDetailsService") 
    UserDetailsService userDetailsService; 

    @Autowired 
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService); 
     auth.authenticationProvider(authenticationProvider()); 
    } 

    @Bean 
    public PlaintextPasswordEncoder passwordEncoder() { 
     return new PlaintextPasswordEncoder(); 
    } 

    @Bean 
    public DaoAuthenticationProvider authenticationProvider() { 
     DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); 
     authenticationProvider.setUserDetailsService(userDetailsService); 
     authenticationProvider.setPasswordEncoder(passwordEncoder()); 
     return authenticationProvider; 
    } 

    @Bean 
    public AuthenticationTrustResolver getAuthenticationTrustResolver() { 
     return new AuthenticationTrustResolverImpl(); 
    } 

    @Configuration 
    @Order(1) 
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { 

     private static String REALM="MY_REALM"; 

     protected void configure(HttpSecurity http) throws Exception { 

      http.csrf().disable() 
      .authorizeRequests() 
      .antMatchers("/api/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
      .and().httpBasic().realmName(REALM).authenticationEntryPoint(getBasicAuthEntryPoint()) 
      .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
     } 

     @Bean 
     public CustomBasicAuthenticationEntryPoint getBasicAuthEntryPoint(){ 
      return new CustomBasicAuthenticationEntryPoint(); 
     } 
    } 

    @Configuration 
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { 

     @Autowired 
     PersistentTokenRepository tokenRepository; 

     @Autowired 
     @Qualifier("customUserDetailsService") 
     UserDetailsService userDetailsService; 

     @Override 
     public void configure(WebSecurity web) throws Exception { 
      web.ignoring().antMatchers("/resources/**"); 
     } 

     @Bean 
     public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() { 
      PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
        "remember-me", userDetailsService, tokenRepository); 
      return tokenBasedservice; 
     } 

     @Override 
     protected void configure(HttpSecurity http) throws Exception { 
      http.authorizeRequests().antMatchers("/", "/index").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/categories", "/category/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/companies", "/company/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/locations", "/location/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')").and() 
        .formLogin().loginPage("/login").loginProcessingUrl("/login").usernameParameter("username") 
        .passwordParameter("password").and().rememberMe().rememberMeParameter("remember-me") 
        .tokenRepository(tokenRepository).tokenValiditySeconds(86400).and().csrf().and().exceptionHandling() 
        .accessDeniedPage("/Access_Denied"); 
     } 
    } 

}

在API網址的,我得到了渴望的結果。但是在Web登錄時,我得到HTTP狀態405 - 請求方法'POST'不被支持。有任何想法嗎?

Spring框架是:4.3.7.RELEASE 春季安全:4.2.2.RELEASE 的degub是:

2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/resources/**' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2017-04-11 19:30:12 DEBUG HstsHeaderWriter:130 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatch 
[email protected] 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', GET] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'GET /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', POST] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/logout' 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', PUT] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'PUT /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', DELETE] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'DELETE /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:72 - No matches found 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2017-04-11 19:30:12 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6fa90ed4: 
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffc7f0c: RemoteIpAddress: 127.0.0.1; Session 
Id: B6EBB4A5A07FDC44D8E19748CE6D5E5E; Granted Authorities: ROLE_ANONYMOUS' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/api/**' 
2017-04-11 19:30:12 DEBUG FilterSecurityInterceptor:210 - Public object - authentication not attempted 
2017-04-11 19:30:12 DEBUG FilterChainProxy:310 - /login reached end of additional filter chain; proceeding with original chain 
2017-04-11 19:30:12 DEBUG DispatcherServlet:865 - DispatcherServlet with name 'dispatcher' processing POST request for [/HeliosCMS/login] 
2017-04-11 19:30:12 DEBUG RequestMappingHandlerMapping:310 - Looking up handler method for path /login 
2017-04-11 19:30:12 DEBUG ExceptionHandlerExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not sup 
ported 
2017-04-11 19:30:12 DEBUG ResponseStatusExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not suppo 
rted 
2017-04-11 19:30:12 DEBUG DefaultHandlerExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not suppo 
rted 
2017-04-11 19:30:12 WARN PageNotFound:215 - Request method 'POST' not supported 
2017-04-11 19:30:12 DEBUG DispatcherServlet:1044 - Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling 
2017-04-11 19:30:12 DEBUG DispatcherServlet:1000 - Successfully completed request 
2017-04-11 19:30:12 DEBUG ExceptionTranslationFilter:116 - Chain processed normally 
2017-04-11 19:30:12 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed

來源

2017-04-11 KostasC

+0

我認爲你需要從ApiWebSecurityConfigurationAdapter類 –

回答

1

也許這就是在這個意義上映射的問題,即/login頁的處理由API處理程序,所以POST永遠不會到達登錄控制器。

哪個是API處理程序的映射?它應該是/api/*而不是//*

如果你繼承AbstractDispatcherServletInitializer配置的API模塊應該是這樣的:

 @Override 
     protected String[] getServletMappings() { 
     return new String[] { "/api/*" }; 
     }

如果這不是問題,我反正覺得,閱讀日誌,一個處理程序沒有找到/login,所以你應該調查映射。也許API映射是足夠嚴格的,但web映射不是/。很難說沒有看到配置。

您是否在GET中看到/login

來源

2017-04-19 18:14:26

+0

是過濾排除「/登錄」鏈接,我可以看到在拿到/登錄。 – KostasC

+0

您需要哪種配置? – KostasC

+0

您使用的AbstractDispatcherServletInitializer子類?我認爲這種情況類似於http://stackoverflow.com/a/42881032/1536382,因爲有兩個mapper api/web,但你看到get ...就像這個問題的其他答案,我不會看到一個名爲 –

0

螞蟻匹配器/登錄與您的配置中的任何模式都不匹配。

我猜這個配置中的「/」請求可能直接導致您的登錄頁面。

您確定您嘗試發佈的/ HeliosCMS /登錄URL是否正確?你的配置中沒有其他地方提到這個應用根目錄,所以根據你的配置,我希望調度器試圖匹配/登錄模式,而不是/ HeliosCMS/login。

2017-04-11 19:30:12 DEBUG DispatcherServlet:865 - DispatcherServlet with name 'dispatcher' processing POST request for [/HeliosCMS/login]

來源

2017-04-19 18:32:15

相關問題

 相關問題