AbstractRequestMatcherRegistry 类型中的 requestMatchers 方法不适用于参数 (String, String)

问题描述 投票:0回答:1

我正在使用 SQL Server 2019 进行 Spring Boot Web 应用程序。现在我正在尝试使用 Spring Security 进行 JWT 身份验证和授权,但我的

SecurityConfig.java
的 requestMatchers 出现错误:

AbstractRequestMatcherRegistry 类型中的 requestMatchers(RequestMatcher...) 方法不适用于参数 (String, String)Java(67108979)

我不知道为什么会发生这种情况,因为我看到很多人使用 requestMatchers 并且运行良好,上面没有红线。 这是 SecurityConfig.java:

package com.example.demologin.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import com.example.demologin.filter.JwtAuthenticationFilter; import com.example.demologin.service.UserDetailsServiceImp; @Configuration @EnableWebSecurity public class SecurityConfig { private final UserDetailsServiceImp userDetailsServiceImp; private final JwtAuthenticationFilter jwtAuthenticationFilter; private final CustomLogoutHandler logoutHandler; public SecurityConfig(UserDetailsServiceImp userDetailsServiceImp, JwtAuthenticationFilter jwtAuthenticationFilter, CustomLogoutHandler logoutHandler) { this.userDetailsServiceImp = userDetailsServiceImp; this.jwtAuthenticationFilter = jwtAuthenticationFilter; this.logoutHandler = logoutHandler; } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { return http .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests( req->req.requestMatchers("/login/**","/register/**") .permitAll() .requestMatchers("/admin_only/**").hasAuthority("ADMIN") .anyRequest() .authenticated() ).userDetailsService(userDetailsServiceImp) .sessionManagement(session->session .sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) .exceptionHandling( e->e.accessDeniedHandler( (request, response, accessDeniedException)->response.setStatus(403) ) .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))) .logout(l->l .logoutUrl("/logout") .addLogoutHandler(logoutHandler) .logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext() )) .build(); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception { return configuration.getAuthenticationManager(); } }
这是我的 pom.xml:

<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.7.18</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.example</groupId> <artifactId>demologin</artifactId> <version>0.0.1-SNAPSHOT</version> <name>demologin</name> <description>Demo project for Spring Boot</description> <properties> <java.version>11</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> <version>3.2.5</version> </dependency> <dependency> <groupId>com.microsoft.sqlserver</groupId> <artifactId>mssql-jdbc</artifactId> <version>9.4.0.jre11</version> <scope>runtime</scope> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-api</artifactId> <version>0.12.3</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-impl</artifactId> <version>0.12.3</version> <scope>runtime</scope> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-jackson</artifactId> <version>0.12.3</version> <scope>runtime</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
这是我完整的src代码:

https://github.com/phuccoder/demojwt.git

    我已经更改为 antMatchers,但我测试 localhost:8080/register 或任何 url,它给了我 403 状态。
sql-server spring spring-security jwt
1个回答
0
投票
你用哪个都可以

  • req.antMatchers("/login", "/register")
    
    
  • req.requestMatchers(new AntPathRequestMatcher("/login"), new AntPathRequestMatcher("/register"))
    
    
在你的

SecurityConfig.securityFilterChain()

您使用

403

 获得 
antMatchers
 状态代码的原因是因为您实现 
JwtAuthenticationFilter
 的方式始终需要 
Authorization
 标头,如果您不提供它,您将得到一个 
NullPointerException
 导致到错误。

您的实现中可能存在一些逻辑流程,例如要求注册和登录都经过身份验证(即如果用户尚未注册,如何进行身份验证?)或检测到

JwtAuthenticationFilter.doFilterInternal()

时立即返回
Authorization: Bearer
标题(这可能不是你想要的)。

此外,当你应该做

AuthenticationService.register()

时,你却做了
user.setRole(user.getRole())
,这肯定存在一个错误

© www.soinside.com 2019 - 2024. All rights reserved.