Spring Security still gives a 403 error despite permitAll and CSRF disabled


Whenever I change anyRequest() to permitAll(), the URLs work, but when I include requestMatchers, all the URLs stop working, even though there is a permitAll behind them.

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http
                .csrf().disable()
//                .authorizeHttpRequests( authorize -> {
//                    authorize .requestMatchers("/", "/vps/**", "/css/**", "/fonts/**", "/images/**", "/js/**", "/layui/**").permitAll();
//                    authorize .requestMatchers("/user/**").hasAnyRole("ADMIN", "CUSTOMER");
//                    authorize  .requestMatchers("/admin/**").hasAnyRole("ADMIN");
//                    authorize.anyRequest()
//                            .authenticated();
//                })
                .authorizeHttpRequests()
                .requestMatchers("/").permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // Tells Spring application is stateless as JWT is stored at client side
                .and()
                .authenticationProvider(authenticationProvider())
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); // execute jwtAuthenticationFilter before UsernamePasswordAuthenticationFilter as jwtAuthenticationFilter uses UsernamePasswordAuthenticationFilter

        return http.build();
    }

Debug

2023-05-17T20:22:56.081-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : Securing GET /
2023-05-17T20:22:56.081-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-05-17T20:22:56.082-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : Secured GET /
2023-05-17T20:22:56.083-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : GET "/", parameters={}
2023-05-17T20:22:56.089-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.w.s.v.ContentNegotiatingViewResolver : Selected '*/*' given [*/*]
2023-05-17T20:22:56.090-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.w.servlet.view.InternalResourceView  : View name 'forward:', model {}
2023-05-17T20:22:56.090-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.w.servlet.view.InternalResourceView  : Forwarding to [index.html]
2023-05-17T20:22:56.091-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : Securing GET /index.html
2023-05-17T20:22:56.092-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2023-05-17T20:22:56.092-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.s.w.a.Http403ForbiddenEntryPoint     : Pre-authenticated entry point called. Rejecting access
2023-05-17T20:22:56.093-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet        : Completed 403 FORBIDDEN
2023-05-17T20:22:56.094-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : Securing GET /error
2023-05-17T20:22:56.094-04:00 DEBUG 12220 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2023-05-17T20:22:56.094-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-05-17T20:22:56.094-04:00 DEBUG 12220 --- [nio-8080-exec-9] o.s.s.w.a.Http403ForbiddenEntryPoint     : Pre-authenticated entry point called. Rejecting access
spring-boot spring-security
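
The debug log above shows `GET /` passing the filter chain, then the forward to `/index.html` and the error dispatch to `/error` each being secured again and rejected. The configuration below is an added example, not part of the original post, showing one way to write rules that account for those internal dispatches. It assumes Spring Security 6 with the `jakarta.servlet` API; the class name is hypothetical, and the post's `authenticationProvider(...)` and `addFilterBefore(...)` calls are left out.

```java
import jakarta.servlet.DispatcherType;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ForwardAwareSecurityConfig { // hypothetical class name

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(authorize -> authorize
                // Rules are evaluated in order and apply to every dispatch,
                // not only the client's original REQUEST. In the log, "/" is
                // allowed, but the FORWARD to /index.html and the ERROR
                // dispatch to /error fall through to anyRequest().authenticated().
                .dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()
                // Public entry point taken from the post.
                .requestMatchers("/").permitAll()
                // Everything else still needs an authenticated caller.
                .anyRequest().authenticated())
            .sessionManagement(session -> session
                // Stateless, as in the post: the JWT is kept on the client.
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // The post's authenticationProvider(...) and addFilterBefore(...)
        // calls would follow here unchanged; they are omitted in this example.
        return http.build();
    }
}
```

Permitting all FORWARD dispatches means a permitted endpoint that forwards to a protected path is not re-checked at the target; a narrower alternative is to list the concrete targets, for example `requestMatchers("/", "/index.html", "/error").permitAll()`.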