我为我的Spring-boot应用程序实现了一个自定义过滤器,但仍然无法让请求通过SecurityFilterChain bean。
下面是我的bean中的代码。它被加载时,我启动应用程序,但被忽略,当我做一个请求,任何想法可能是什么问题?
@Configuration
@EnableWebSecurity
public class ProjectSecurityConfig {
@Bean
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception{
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().cors().configurationSource(new CorsConfigurationSource() {
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(Collections.singletonList("http://localhost:4200"));
config.setAllowedMethods(Collections.singletonList("*"));
config.setAllowCredentials(true);
config.setExposedHeaders(Collections.singletonList("Authorization"));
config.setMaxAge(86400L);
return config;
}
}).and()
.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.addFilterAfter(new JWTTokenGeneratorFilter(), BasicAuthenticationFilter.class)
.addFilterBefore(new JWTTokenValidatorFilter(), BasicAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("api/login", "api/registration/**").permitAll()
.antMatchers(HttpMethod.POST, "api/questions/**", "api/exams").hasRole("ADMIN")
.antMatchers(HttpMethod.GET, "api/users/").hasRole("ADMIN")
.antMatchers("api/questions/**", "api/exams", "api/complete-exam").hasRole("USER")
.and().formLogin()
.and().httpBasic();
return http.build();
}
}
我尝试了一些配置,在spring应用程序中禁用deafultFilters: @SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
但是请求仍然没有通过这个FilterChain。
只需将您的bean从defaultSecurityFilterChain重命名为另一个名称,因为该名称已经是Spring创建的默认名称,并且您的名称将被覆盖。