1. Accueil
  2. Question et réponse
  3. Spring SecurityConfig ne fonctionne pas

Spring SecurityConfig ne fonctionne pas

2016-12-07 3 views
2

J'ai joué avec cela depuis un certain temps, mais il ne semble pas être connecté à mon projet.Spring SecurityConfig ne fonctionne pas

Voici le fichier de la dernière fois que je l'ai modifié. J'ai tout permis pour que je puisse tester si ce fichier fonctionne ou pas. Je reçois toujours l'erreur 401 lorsque je n'inclue aucune authentification.

Une idée de ce qui me manque?

package org.springframework.security.samples.config; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.http.HttpMethod; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; 

@Configuration 
@EnableWebMvcSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().anyRequest().permitAll(); 
    } 
}

EDIT

Voici les journaux de débogage de sécurité lorsque je démarre l'application

2016-12-07 23:24:48.673 DEBUG 15640 --- [   main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration=org.springframework.boot.autoconfigure.security.Spri[email protected]68fc9167}  
2016-12-07 23:24:48.827 DEBUG 15640 --- [   main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasAnyRole('ROLE_USER')', for [email protected]1 
2016-12-07 23:24:48.834 DEBUG 15640 --- [   main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes 
2016-12-07 23:24:48.835 DEBUG 15640 --- [   main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes

Voici les journaux de débogage de sécurité quand je fais l'appel de repos

2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/css/**' 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/js/**' 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/images/**' 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/webjars/**' 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/**/favicon.ico' 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/error' 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/**'] 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request '/users' matched by universal pattern '/**' 
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m matched 
[2m2016-12-07 23:29:19.115[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
[2m2016-12-07 23:29:19.116[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
[2m2016-12-07 23:29:19.118[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
[2m2016-12-07 23:29:19.119[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
[2m2016-12-07 23:29:19.119[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', GET] 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request 'POST /users' doesn't match 'GET /logout 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', POST] 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/logout' 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', PUT] 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request 'POST /users' doesn't match 'PUT /logout 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', DELETE] 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request 'POST /users' doesn't match 'DELETE /logout 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m No matches found 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
[2m2016-12-07 23:29:19.121[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.AnonymousAuthenticationFilter [0;39m [2m:[0;39m Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy  [0;39m [2m:[0;39m /users at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
[2m2016-12-07 23:29:19.124[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.i.FilterSecurityInterceptor [0;39m [2m:[0;39m Secure object: FilterInvocation: URL: /users; Attributes: [hasAnyRole('ROLE_USER')] 
[2m2016-12-07 23:29:19.124[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.i.FilterSecurityInterceptor [0;39m [2m:[0;39m Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 
[2m2016-12-07 23:29:19.128[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.access.vote.AffirmativeBased  [0;39m [2m:[0;39m Voter: org.sp[email protected]6175291d, returned: -1 
[2m2016-12-07 23:29:19.134[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.ExceptionTranslationFilter [0;39m [2m:[0;39m Access is denied (user is anonymous); redirecting to authentication entry point 

org.springframework.security.access.AccessDeniedException: Access is denied 
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:89) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_112] 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_112] 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.6.jar:8.5.6] 
    at java.lang.Thread.run(Unknown Source) [na:1.8.0_112] 

[2m2016-12-07 23:29:19.135[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.ExceptionTranslationFilter [0;39m [2m:[0;39m Calling Authentication entry point. 
[2m2016-12-07 23:29:19.135[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.header.writers.HstsHeaderWriter [0;39m [2m:[0;39m Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]5e6187fd 
[2m2016-12-07 23:29:19.135[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36ms.s.w.c.SecurityContextPersistenceFilter[0;39m [2m:[0;39m SecurityContextHolder now cleared, as request processing completed

Source

2016-12-07 Arya

+0

@kuhajeyan Je n'ai pas web.xml, tout ce que j'ai est pom.xml J'utilise Spring Boot 4 – Arya

Répondre

0

Probablement I Il me manque quelque chose. Je ne sais pas pourquoi vous utilisez @EnableWebMvcSecurity avec Spring Boot, c'est déprécié, mais ce n'est pas le point.

Si vous utilisez Spring Boot et que vous souhaitez créer une configuration de sécurité qui permettent à chaque appel, vous pouvez le faire comme ceci:

@EnableWebSecurity 
@Configuration 
class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().anyRequest().permitAll(); 
    } 
}

Source

2016-12-07 10:41:11 rick

0

Vous ne désactivez pas la configuration de sécurité par défaut, si Spring Boot utilise la configuration de sécurité par défaut, voir Spring Boot Reference Guide:

la configuration de sécurité par défaut est mis en œuvre SecurityAutoConfiguration et dans les classes importées de là (SpringBootWebSecurityConfiguration pour la sécurité Web et AuthenticationManagerConfiguration pour l'authentification configuration qui est également pertinente dans les applications non-web). Pour désactiver complètement la configuration de sécurité de l'application Web par défaut, vous pouvez ajouter un bean avec @EnableWebSecurity (cela ne désactive pas la configuration du gestionnaire d'authentification ou la sécurité de l'actionneur). Pour le personnaliser, vous utilisez normalement les propriétés externes et les beans de type WebSecurityConfigurerAdapter (par exemple, pour ajouter une connexion basée sur un formulaire). Pour désactiver également la configuration du gestionnaire d'authentification, vous pouvez ajouter un bean de type AuthenticationManager ou configurer le gestionnaire d'authentification global en générant un AuthenticationManagerBuilder dans une méthode de l'une de vos classes @Configuration. Il existe plusieurs applications sécurisées dans les exemples Spring Boot pour vous aider à démarrer avec des cas d'utilisation courants.

Les caractéristiques de base que vous sortez de la boîte dans une application web sont:

  • Un haricot AuthenticationManager avec magasin en mémoire et un seul utilisateur (voir SecurityProperties.User pour les propriétés de l'utilisateur).
  • Chemins ignorés (non sécurisés) pour des emplacements de ressources statiques communs (/css/**, /js/**, /images/**, /webjars/** et **/favicon.ico).
  • HTTP Sécurité de base pour tous les autres points de terminaison.
  • Événements de sécurité publiés sur ApplicationEventPublisher de Spring (authentification et accès refusés réussis ou échoués).
  • Les fonctions communes de bas niveau (HSTS, XSS, CSRF, mise en cache) fournies par Spring Security sont activées par défaut.

Tous les éléments ci-dessus peuvent être activés et désactivés ou modifiés à l'aide de propriétés externes (security.*). Pour remplacer les règles d'accès sans modifier d'autres fonctions configurées automatiquement, ajoutez un @Bean de type WebSecurityConfigurerAdapter avec @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) et configurez-le pour répondre à vos besoins.

Voir aussi spring-boot-sample-web-secure:

@Configuration 
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) 
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter { 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin() 
       .loginPage("/login").failureUrl("/login?error").permitAll().and() 
       .logout().permitAll(); 
    } 

    @Override 
    public void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.inMemoryAuthentication().withUser("admin").password("admin") 
       .roles("ADMIN", "USER").and().withUser("user").password("user") 
       .roles("USER"); 
    } 
}

Source

2016-12-08 09:38:17 dur

0

Essayez de ne pas tenir compte du tout:

@Override 
     public void configure(WebSecurity web) throws Exception { 
      web.ignoring().antMatchers("/**"); 
     }

Source

2016-12-10 19:57:44 Artegon

 Questions connexes

  • Aucun problème connexe^_^