从 Spring Boot Starter 1.3.5.RELEASE 升级到 1.5.2 RELEASE 时 Spring Security 中的访问被拒绝错误
Posted
技术标签:
【中文标题】从 Spring Boot Starter 1.3.5.RELEASE 升级到 1.5.2 RELEASE 时 Spring Security 中的访问被拒绝错误【英文标题】:Access Denied Error in Spring Secirity while upgrading from spring boot starter 1.3.5.RELEASE to 1.5.2RELEASE 【发布时间】:2017-08-14 21:38:09 【问题描述】:我正在使用以下依赖项。
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-eureka-server</artifactId>
</dependency>
<!-- zuul Spring Security dependencies -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-zuul</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- Bean Validation provider -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
</dependency>
<!-- Spring Security dependencies -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<!-- OAuth -->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
<!-- jwt signer -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-parent</artifactId>
<version>Camden.SR6</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
为了适应 spring-cloud-starter-parent 到 Camden.SR6 的版本升级,我不得不升级我的 Spring Boot 版本。
在升级过程中,正常工作的其余端点 /home/sample 开始出现 403 禁止错误。
安全配置文件:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception
auth.userDetailsService(userDetailsService).passwordEncoder(getPasswordEncoder());
private Md5PasswordEncoder getPasswordEncoder()
return new Md5PasswordEncoder();
@Override
protected void configure(HttpSecurity http) throws Exception
http.csrf().disable().anonymous().disable().authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest)
.permitAll().antMatchers("/home/sample").authenticated().antMatchers("/home/**").authenticated();
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
@Bean
public TokenStore tokenStore()
return new InMemoryTokenStore();
@Bean
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore)
TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
handler.setTokenStore(tokenStore);
handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
handler.setClientDetailsService(clientDetailsService);
return handler;
@Bean
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception
TokenApprovalStore store = new TokenApprovalStore();
store.setTokenStore(tokenStore);
return store;
【问题讨论】:
登录成功后出现异常? 是的@aliakbarazizkhani 你想要 permi /home/sample?还是不行? 是的,我需要允许它 .antMatchers("/home/sample").permitAll() 【参考方案1】:把你的配置改成这个
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception
auth.userDetailsService(userDetailsService).passwordEncoder(getPasswordEncoder());
private Md5PasswordEncoder getPasswordEncoder()
return new Md5PasswordEncoder();
@Override
protected void configure(HttpSecurity http) throws Exception
http.csrf().disable().anonymous().disable()
.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest)
.permitAll()
.antMatchers("/home/sample").permitAll()
.antMatchers("/home/**").authenticated();
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
@Bean
public TokenStore tokenStore()
return new InMemoryTokenStore();
@Bean
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore)
TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
handler.setTokenStore(tokenStore);
handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
handler.setClientDetailsService(clientDetailsService);
return handler;
@Bean
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception
TokenApprovalStore store = new TokenApprovalStore();
store.setTokenStore(tokenStore);
return store;
【讨论】:
以上是关于从 Spring Boot Starter 1.3.5.RELEASE 升级到 1.5.2 RELEASE 时 Spring Security 中的访问被拒绝错误的主要内容,如果未能解决你的问题,请参考以下文章
只需4步,自己搞个 Spring Boot Starter !
从jdbc到spring-boot-starter-jdbc
使用 JUnit 5 的 spring-boot-starter-test