Spring Security: hasAuthority is ignored when configured globally for HttpSecurity
Posted: 2017-09-21 08:32:41

Question:
I have a REST API with OAuth2 on Spring MVC.
To support expression handlers such as hasRole and hasAuthority, I added the following configuration:
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }
    }
This makes the @PreAuthorize annotation on controllers work:
    @RequestMapping(value = "/list", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    @ResponseBody
    @PreAuthorize("hasAuthority('ROLE_USER')") // This works as expected
    public List<Experiment> getExperimentList() {
        //...
    }
At the same time, I have not been able to make this configuration global for all controllers:
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth,
                                    MyAppAuthenticationProvider authenticationProvider) throws Exception {
            auth.authenticationProvider(authenticationProvider);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            super.configure(http);
            http
                .authorizeRequests()
                    .antMatchers("/api/**").hasAuthority("ROLE_USER") // This has no effect
                    .anyRequest().fullyAuthenticated()
                    .and()
                .exceptionHandling()
                    .authenticationEntryPoint((request, response, authException) ->
                            response.sendError(HttpServletResponse.SC_UNAUTHORIZED));
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/api/users/register/**");
        }
    }
What am I missing?
Update 1. Spring log for the request processing:
12:13:37.689 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - REQUEST for //localhost:3000/api/strategies/BenchmarkAlgos/layouts on HttpChannelOverHttp@1660325fr=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts
GET //localhost:3000/api/strategies/BenchmarkAlgos/layouts HTTP/1.1
Accept-Language: en-US,en;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Referer: http://localhost:3000/strategies/BenchmarkAlgos
Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJkZWx0aXgud2JidC5hdXRoZW50aWNhdGlvbi5Vc2VyQ29udGV4dEA2ZjY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: application/json, text/plain, */*
Connection: close
Host: localhost:3000
12:13:37.689 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpChannel - HttpChannelOverHttp@7d785c33r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list onRequestComplete
12:13:37.689 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - HttpChannelOverHttp@1660325fr=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts onRequestComplete
12:13:37.689 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpInput - HttpInputOverHTTP@418cd7f1[c=0,q=1,[0]=EOF,s=STREAM] addContent EOF
12:13:37.690 [qtp114109618-22] DEBUG o.e.jetty.server.HttpConnection - HttpConnection@2c6695ff[SelectChannelEndPoint@30734b42/127.0.0.1:43538<->9990,Open,in,out,-,-,9/30000,HttpConnection@2c6695ffio=0/0,kio=0,kro=1][p=HttpParsers=END,0 of 0,g=HttpGenerator@1c6c8fd2s=START,c=HttpChannelOverHttp@7d785c33r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list] parsed true HttpParsers=END,0 of 0
12:13:37.690 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpInput - HttpInputOverHTTP@d40b349[c=0,q=1,[0]=EOF,s=STREAM] addContent EOF
12:13:37.690 [qtp114109618-22] DEBUG o.e.jetty.server.HttpConnection - releaseRequestBuffer HttpConnection@2c6695ff[SelectChannelEndPoint@30734b42/127.0.0.1:43538<->9990,Open,in,out,-,-,9/30000,HttpConnection@2c6695ffio=0/0,kio=0,kro=1][p=HttpParsers=END,0 of 0,g=HttpGenerator@1c6c8fd2s=START,c=HttpChannelOverHttp@7d785c33r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list]
12:13:37.690 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpChannel - HttpChannelOverHttp@7d785c33r=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list handle //localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list
12:13:37.690 [qtp114109618-21] DEBUG o.e.jetty.server.HttpConnection - HttpConnection@30207f11[SelectChannelEndPoint@6a7a625d/127.0.0.1:43537<->9990,Open,in,out,-,-,9/30000,HttpConnection@30207f11io=0/0,kio=0,kro=1][p=HttpParsers=END,0 of 0,g=HttpGenerator@538cfd5es=START,c=HttpChannelOverHttp@1660325fr=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts] parsed true HttpParsers=END,0 of 0
12:13:37.690 [qtp114109618-22] DEBUG o.e.jetty.server.HttpChannelState - HttpChannelState@681709f3s=IDLE a=NOT_ASYNC i=true r=!P!U w=false handling IDLE
12:13:37.690 [qtp114109618-21] DEBUG o.e.jetty.server.HttpConnection - releaseRequestBuffer HttpConnection@30207f11[SelectChannelEndPoint@6a7a625d/127.0.0.1:43537<->9990,Open,in,out,-,-,9/30000,HttpConnection@30207f11io=0/0,kio=0,kro=1][p=HttpParsers=END,0 of 0,g=HttpGenerator@538cfd5es=START,c=HttpChannelOverHttp@1660325fr=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts]
12:13:37.690 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - HttpChannelOverHttp@1660325fr=1,c=false,a=IDLE,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts handle //localhost:3000/api/strategies/BenchmarkAlgos/layouts
12:13:37.690 [qtp114109618-21] DEBUG o.e.jetty.server.HttpChannelState - HttpChannelState@25569b01s=IDLE a=NOT_ASYNC i=true r=!P!U w=false handling IDLE
12:13:37.691 [qtp114109618-22] DEBUG org.eclipse.jetty.server.HttpChannel - HttpChannelOverHttp@7d785c33r=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list action DISPATCH
12:13:37.691 [qtp114109618-21] DEBUG org.eclipse.jetty.server.HttpChannel - HttpChannelOverHttp@1660325fr=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts action DISPATCH
12:13:37.692 [qtp114109618-21] DEBUG org.eclipse.jetty.server.Server - REQUEST GET /api/strategies/BenchmarkAlgos/layouts on HttpChannelOverHttp@1660325fr=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/layouts
12:13:37.692 [qtp114109618-22] DEBUG org.eclipse.jetty.server.Server - REQUEST GET /api/strategies/BenchmarkAlgos/experiment-set/list on HttpChannelOverHttp@7d785c33r=1,c=false,a=DISPATCHED,uri=//localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list
12:13:37.692 [qtp114109618-22] DEBUG o.e.j.server.handler.ContextHandler - scope null||/api/strategies/BenchmarkAlgos/experiment-set/list @ o.s.b.c.e.j.JettyEmbeddedWebAppContext@5c8ab9de/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE
12:13:37.692 [qtp114109618-21] DEBUG o.e.j.server.handler.ContextHandler - scope null||/api/strategies/BenchmarkAlgos/layouts @ o.s.b.c.e.j.JettyEmbeddedWebAppContext@5c8ab9de/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE
12:13:37.693 [qtp114109618-22] DEBUG o.e.j.server.handler.ContextHandler - context=||/api/strategies/BenchmarkAlgos/experiment-set/list @ o.s.b.c.e.j.JettyEmbeddedWebAppContext@5c8ab9de/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE
12:13:37.693 [qtp114109618-21] DEBUG o.e.j.server.handler.ContextHandler - context=||/api/strategies/BenchmarkAlgos/layouts @ o.s.b.c.e.j.JettyEmbeddedWebAppContext@5c8ab9de/,[file:///C:/Users/Samoussenkom/AppData/Local/Temp/jetty-docbase.623436375017274305.9990/],AVAILABLE
12:13:37.693 [qtp114109618-21] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager@2f1f9515
12:13:37.693 [qtp114109618-22] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager@2f1f9515
12:13:37.693 [qtp114109618-21] DEBUG org.eclipse.jetty.server.session - session=null
12:13:37.693 [qtp114109618-22] DEBUG org.eclipse.jetty.server.session - session=null
12:13:37.693 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - servlet |/api/strategies/BenchmarkAlgos/layouts|null -> dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true
12:13:37.693 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - servlet |/api/strategies/BenchmarkAlgos/experiment-set/list|null -> dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true
12:13:37.701 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - chain=characterEncodingFilter->hiddenHttpMethodFilter->httpPutFormContentFilter->requestContextFilter->springSecurityFilterChain->Jetty_WebSocketUpgradeFilter->dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true
12:13:37.701 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - chain=characterEncodingFilter->hiddenHttpMethodFilter->httpPutFormContentFilter->requestContextFilter->springSecurityFilterChain->Jetty_WebSocketUpgradeFilter->dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true
12:13:37.702 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter characterEncodingFilter
12:13:37.702 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter characterEncodingFilter
12:13:37.705 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter hiddenHttpMethodFilter
12:13:37.705 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter hiddenHttpMethodFilter
12:13:37.705 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter httpPutFormContentFilter
12:13:37.705 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter httpPutFormContentFilter
12:13:37.705 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter requestContextFilter
12:13:37.705 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter requestContextFilter
12:13:37.710 [qtp114109618-21] DEBUG o.s.b.w.f.OrderedRequestContextFilter - Bound request context to thread: Request(GET //localhost:3000/api/strategies/BenchmarkAlgos/layouts)@660ca9ae
12:13:37.710 [qtp114109618-22] DEBUG o.s.b.w.f.OrderedRequestContextFilter - Bound request context to thread: Request(GET //localhost:3000/api/strategies/BenchmarkAlgos/experiment-set/list)@577e2d42
12:13:37.710 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter springSecurityFilterChain
12:13:37.710 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter springSecurityFilterChain
12:13:37.710 [qtp114109618-21] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'springSecurityFilterChain'
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/api/users/register/**'
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/api/users/register/**'
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token']
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token']
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/oauth/token'
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/oauth/token'
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token_key']
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/token_key']
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/oauth/token_key'
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/oauth/token_key'
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/check_token']
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/oauth/check_token']
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/oauth/check_token'
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/oauth/check_token'
12:13:37.711 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:13:37.711 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:13:37.712 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:13:37.712 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:13:37.714 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:13:37.714 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:13:37.714 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:13:37.714 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:13:37.716 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
12:13:37.716 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/logout'
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/logout'
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/experiment-set/list' doesn't match 'POST /logout
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/layouts' doesn't match 'POST /logout
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/experiment-set/list' doesn't match 'PUT /logout
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/layouts' doesn't match 'PUT /logout
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/experiment-set/list' doesn't match 'DELETE /logout
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/strategies/BenchmarkAlgos/layouts' doesn't match 'DELETE /logout
12:13:37.716 [qtp114109618-22] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:13:37.716 [qtp114109618-21] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:13:37.716 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
12:13:37.716 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
12:13:37.730 [qtp114109618-22] DEBUG o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter - Authentication success: org.springframework.security.oauth2.provider.OAuth2Authentication@5ba6fe75: Principal: mycompany.wbbt.authentication.UserContext@6f65e0ba; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: authority=ROLE_ADMINISTRATOR
12:13:37.730 [qtp114109618-21] DEBUG o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter - Authentication success: org.springframework.security.oauth2.provider.OAuth2Authentication@5ba6fe75: Principal: mycompany.wbbt.authentication.UserContext@6f65e0ba; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: authority=ROLE_ADMINISTRATOR
12:13:37.730 [qtp114109618-22] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'webSocketEventListener'
12:13:37.730 [qtp114109618-22] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener'
12:13:37.730 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
12:13:37.730 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
12:13:37.732 [qtp114109618-21] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.oauth2.provider.OAuth2Authentication@5ba6fe75: Principal: mycompany.wbbt.authentication.UserContext@6f65e0ba; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: authority=ROLE_ADMINISTRATOR'
12:13:37.732 [qtp114109618-22] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.oauth2.provider.OAuth2Authentication@5ba6fe75: Principal: mycompany.wbbt.authentication.UserContext@6f65e0ba; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: authority=ROLE_ADMINISTRATOR'
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
12:13:37.732 [qtp114109618-22] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@4349f52c
12:13:37.732 [qtp114109618-21] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@4349f52c
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
12:13:37.732 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/layouts'; against '/api/**'
12:13:37.733 [qtp114109618-22] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/strategies/BenchmarkAlgos/experiment-set/list'; against '/api/**'
12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /api/strategies/BenchmarkAlgos/layouts; Attributes: [#oauth2.throwOnError(#oauth2.hasScope('trust'))]
12:13:37.733 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /api/strategies/BenchmarkAlgos/experiment-set/list; Attributes: [#oauth2.throwOnError(#oauth2.hasScope('trust'))]
12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.oauth2.provider.OAuth2Authentication@5ba6fe75: Principal: mycompany.wbbt.authentication.UserContext@6f65e0ba; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: authority=ROLE_ADMINISTRATOR
12:13:37.733 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.oauth2.provider.OAuth2Authentication@5ba6fe75: Principal: mycompany.wbbt.authentication.UserContext@6f65e0ba; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: authority=ROLE_ADMINISTRATOR
12:13:37.738 [qtp114109618-22] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@a26c51a, returned: 1
12:13:37.738 [qtp114109618-21] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@a26c51a, returned: 1
12:13:37.738 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
12:13:37.738 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
12:13:37.738 [qtp114109618-22] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
12:13:37.738 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
12:13:37.739 [qtp114109618-22] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/experiment-set/list reached end of additional filter chain; proceeding with original chain
12:13:37.739 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call filter Jetty_WebSocketUpgradeFilter
12:13:37.739 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts reached end of additional filter chain; proceeding with original chain
12:13:37.739 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call filter Jetty_WebSocketUpgradeFilter
12:13:37.739 [qtp114109618-22] DEBUG o.e.jetty.servlet.ServletHandler - call servlet dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true
12:13:37.739 [qtp114109618-21] DEBUG o.e.jetty.servlet.ServletHandler - call servlet dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,jsp=null,order=-1,inst=true
12:13:37.740 [qtp114109618-21] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcherServlet' processing GET request for [/api/strategies/BenchmarkAlgos/layouts]
12:13:37.740 [qtp114109618-22] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcherServlet' processing GET request for [/api/strategies/BenchmarkAlgos/experiment-set/list]
12:13:37.743 [qtp114109618-21] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /api/strategies/BenchmarkAlgos/layouts
12:13:37.743 [qtp114109618-22] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /api/strategies/BenchmarkAlgos/experiment-set/list
12:13:37.753 [qtp114109618-21] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Returning handler method [public java.util.List<mycompany.wbbt.strategy.data.Manifest> mycompany.wbbt.controllers.StrategiesController.getLayoutManifests(java.lang.String,java.security.Principal) throws java.io.IOException]
12:13:37.753 [qtp114109618-21] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'strategiesController'
12:13:37.753 [qtp114109618-22] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Returning handler method [public java.util.List<mycompany.wbbt.strategy.dto.experiment.ExperimentSetDto> mycompany.wbbt.controllers.ExperimentSetResultsController.getExperimentSetListForUser(java.lang.String,java.security.Principal)]
12:13:37.754 [qtp114109618-22] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'experimentSetResultsController'
12:13:37.754 [qtp114109618-21] DEBUG o.s.web.servlet.DispatcherServlet - Last-Modified value for [/api/strategies/BenchmarkAlgos/layouts] is: -1
12:13:37.754 [qtp114109618-22] DEBUG o.s.web.servlet.DispatcherServlet - Last-Modified value for [/api/strategies/BenchmarkAlgos/experiment-set/list] is: -1
12:13:37.754 [qtp114109618-22] DEBUG o.s.o.j.s.OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
12:13:37.754 [qtp114109618-21] DEBUG o.s.o.j.s.OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
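The log above already shows which chain handled the two /api/** requests: a chain of 11 filters with OAuth2AuthenticationProcessingFilter at position 5, and FilterSecurityInterceptor evaluating the attribute #oauth2.throwOnError(#oauth2.hasScope('trust')) rather than hasAuthority('ROLE_USER'). As an added example that is not part of the original question, the following Java helper extracts exactly that summary from Spring Security 4.x/5.x DEBUG output, joining the lines of one request on the thread name in brackets. The sample lines it embeds are constructed by abridging the log above; the message formats it matches are those of FilterChainProxy and FilterSecurityInterceptor (plus the "Access is denied" line ExceptionTranslationFilter logs for a refusal).

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not from the original question. Rebuilds, per request, which filter chain
// ran and what FilterSecurityInterceptor decided, from Spring Security 4.x/5.x DEBUG output.
// The lines of one request share only the thread name in brackets, so that is the join key.
public class SecurityLogTriage {

    /** Everything one request's DEBUG lines tell us. */
    public static final class RequestTrace {
        public String path;
        public int chainSize;
        public final List<String> filters = new ArrayList<>();
        public String attributes = "(not seen)";
        public String authorities = "(not seen)";
        public String decision = "(not seen)";

        /** The bearer filter only lives in the resource server chain, not the adapter's. */
        public boolean bearerFilterRan() {
            return filters.contains("OAuth2AuthenticationProcessingFilter");
        }

        @Override
        public String toString() {
            return path + "\n  chain size: " + chainSize + ", bearer filter ran: " + bearerFilterRan()
                + "\n  attributes:  " + attributes + "\n  authorities: " + authorities
                + "\n  decision:    " + decision;
        }
    }

    private static final Pattern THREAD = Pattern.compile("^\\S+ \\[([^\\]]+)\\] ");
    private static final Pattern FILTER = Pattern.compile(
        "FilterChainProxy - (\\S+) at position \\d+ of (\\d+) in additional filter chain; firing Filter: '(\\w+)'");
    private static final Pattern ATTRIBUTES = Pattern.compile("Attributes: \\[(.*)\\]");
    private static final Pattern AUTHORITIES = Pattern.compile("Granted Authorities: (.*)$");
    private static final Pattern DECISION = Pattern.compile("(Authorization successful|Access is denied[^;]*)");

    /** Groups lines by thread, then re-keys the traces by request path. */
    public static Map<String, RequestTrace> triage(List<String> lines) {
        Map<String, RequestTrace> byThread = new LinkedHashMap<>();
        for (String line : lines) {
            Matcher t = THREAD.matcher(line);
            if (!t.find()) continue; // not in the "<time> [<thread>] ..." shape
            String thread = t.group(1);
            Matcher f = FILTER.matcher(line);
            if (f.find()) {
                RequestTrace r = byThread.computeIfAbsent(thread, k -> new RequestTrace());
                r.path = f.group(1);
                r.chainSize = Integer.parseInt(f.group(2));
                r.filters.add(f.group(3));
                continue;
            }
            RequestTrace r = byThread.get(thread);
            if (r == null) continue; // chain lines for this thread were not captured
            Matcher a = ATTRIBUTES.matcher(line);
            if (a.find()) r.attributes = a.group(1);
            // Read the authorities as the interceptor saw them, not an earlier filter's echo.
            Matcher g = AUTHORITIES.matcher(line);
            if (line.contains("FilterSecurityInterceptor") && g.find()) r.authorities = g.group(1);
            Matcher d = DECISION.matcher(line);
            if (d.find()) r.decision = d.group(1);
        }
        Map<String, RequestTrace> byPath = new LinkedHashMap<>();
        for (RequestTrace r : byThread.values()) byPath.put(r.path, r);
        return byPath;
    }

    public static void main(String[] args) {
        // Constructed sample: one request thread, abridged from the log above.
        List<String> sample = Arrays.asList(
            "12:13:37.712 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'",
            "12:13:37.716 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'",
            "12:13:37.732 [qtp114109618-21] DEBUG o.s.security.web.FilterChainProxy - /api/strategies/BenchmarkAlgos/layouts at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'",
            "12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /api/strategies/BenchmarkAlgos/layouts; Attributes: [#oauth2.throwOnError(#oauth2.hasScope('trust'))]",
            "12:13:37.733 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.oauth2.provider.OAuth2Authentication@5ba6fe75: Principal: mycompany.wbbt.authentication.UserContext@6f65e0ba; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=127.0.0.1, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: authority=ROLE_ADMINISTRATOR",
            "12:13:37.738 [qtp114109618-21] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful");
        triage(sample).values().forEach(System.out::println);
    }
}
```

For the sample above the trace reports a chain of 11 filters with the bearer filter present, the attribute #oauth2.throwOnError(#oauth2.hasScope('trust')), the single authority ROLE_ADMINISTRATOR and "Authorization successful". Two things follow directly: the rule that was enforced is a scope check from a resource server configuration, not the hasAuthority('ROLE_USER') rule from WebSecurityConfig, and the token does not carry ROLE_USER at all, so the intended rule would have refused this request had it been consulted.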
Answer 1:
OK, I've got it.
I was using the wrong place for the hasAuthority checks. I put them in
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter
while the correct place is
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
This works as expected:
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth,
                                    WbbtAuthenticationProvider authenticationProvider) throws Exception {
            auth.authenticationProvider(authenticationProvider);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling()
                    .authenticationEntryPoint((request, response, authException) ->
                            response.sendError(HttpServletResponse.SC_UNAUTHORIZED));
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/api/users/register/**");
        }

        @Configuration
        @EnableResourceServer
        protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

            @Override
            public void configure(ResourceServerSecurityConfigurer resources) {
                resources
                    .resourceId("web");
            }

            @Override
            public void configure(HttpSecurity http) throws Exception {
                http
                    .authorizeRequests()
                        .antMatchers("/api/**").access("hasAuthority('ROLE_USER')")
                        .anyRequest().fullyAuthenticated();
            }
        }
    }
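Why the answer works: @EnableResourceServer registers its own filter chain at order 3, ahead of any WebSecurityConfigurerAdapter (default order 100), and by default that chain claims every request (when an authorization server runs in the same application, every request except its /oauth/* endpoints; the log above shows exactly those three patterns being tried before the 11-filter chain runs). Rules placed in the adapter are therefore never consulted for /api/**. The configuration below is an added example, not the answer author's code: it scopes the resource server chain to /api/** with requestMatchers(), puts the authority rule there, and leaves the adapter chain for everything else. It assumes spring-security-oauth2 (the ResourceServerConfigurerAdapter API) on Spring Security 4.x/5.x; the class names, the resource id "web" and the permitAll rule for the registration path are placeholders. The original used web.ignoring() for that path, which removes the security filters entirely, whereas permitAll keeps the chain (and its headers and token parsing) in place.

```java
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

// Added example, not the answer author's code. Assumes spring-security-oauth2 on Spring
// Security 4.x/5.x; class names and the resource id "web" are placeholders.
@Configuration
@EnableWebSecurity
public class SplitChainSecurityConfig {

    // Chain 1: the OAuth2 resource server. @EnableResourceServer registers this chain at
    // order 3, so it is consulted before any WebSecurityConfigurerAdapter (order 100).
    // Without requestMatchers() it would claim every request (minus the /oauth/* endpoints),
    // which is why a hasAuthority rule in the adapter below never sees /api/** traffic.
    @Configuration
    @EnableResourceServer
    public static class ApiResourceServer extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Bearer tokens must list this resource id in their audience (assumed id).
            resources.resourceId("web");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                // Restrict this chain to the API so the adapter chain gets everything else.
                .requestMatchers().antMatchers("/api/**")
                    .and()
                .authorizeRequests()
                    // Open registration without leaving the chain: unlike web.ignoring(),
                    // permitAll keeps the security filters (headers, token parsing) in place.
                    .antMatchers("/api/users/register/**").permitAll()
                    // Exact match on the granted authority string; a token carrying only
                    // ROLE_ADMINISTRATOR does not satisfy it.
                    .antMatchers("/api/**").hasAuthority("ROLE_USER")
                    // Unreachable while the chain is scoped to /api/**, kept as a safe default.
                    .anyRequest().denyAll()
                    .and()
                // The resource server chain is stateless by default; a bare 401 is enough
                // for a REST client instead of a login redirect.
                .exceptionHandling()
                    .authenticationEntryPoint((request, response, authException) ->
                            response.sendError(HttpServletResponse.SC_UNAUTHORIZED));
        }
    }

    // Chain 2: everything outside /api/**. Explicit @Order(100) only restates the default,
    // but makes the relationship to chain 1 visible in the source.
    @Configuration
    @Order(100)
    public static class WebChain extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().fullyAuthenticated();
        }
    }
}
```

One check worth running after moving the rule: the token in the log above is granted only ROLE_ADMINISTRATOR, and hasAuthority('ROLE_USER') is an exact string comparison, so once the rule is enforced in the right chain that same request is refused with 403 unless the token is also granted ROLE_USER or a RoleHierarchy is registered with the web expression handler. Seeing that 403 is the quickest confirmation that the rule is finally being evaluated.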