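This is the endpoint for the REST controller:
/info/**
When I permit all requests to it, it works, but when I secure it and then add a token, it does not work.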
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
        authorizationServerConfigurer.tokenIntrospectionEndpoint(a ->
                a.authenticationProvider(new CustomOAuth2TokenIntrospectionAuthenticationProvider(authorizationService())));
        httpSecurity.apply(authorizationServerConfigurer);
        httpSecurity
                .authorizeHttpRequests(requests -> requests
                        .requestMatchers(new AntPathRequestMatcher("/info/**")).authenticated()
                        .anyRequest().permitAll())
                .cors(AbstractHttpConfigurer::disable)
                .httpBasic(withDefaults())
                .formLogin(withDefaults())
                .addFilterBefore(logRequestResponseFilter, UsernamePasswordAuthenticationFilter.class)
                .csrf(AbstractHttpConfigurer::disable)
        ;
        return httpSecurity.build();
    }
Logs
2024-05-09T00:00:26.883+08:00 DEBUG 14264 --- [ ] o.s.web.servlet.DispatcherServlet : Completed 401 UNAUTHORIZED
2024-05-09T00:00:26.890+08:00 DEBUG 14264 --- [ ] o.s.security.web.FilterChainProxy : Securing GET /error?userId=5532f935-ca36-4768-87fa-b65fe8741bbf
2024-05-09T00:00:26.893+08:00 DEBUG 14264 --- [ ] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2024-05-09T00:00:26.894+08:00 DEBUG 14264 --- [ ] o.s.security.web.FilterChainProxy : Secured GET /error?userId=5532f935-ca36-4768-87fa-b65fe8741bbf
2024-05-09T00:00:26.895+08:00 DEBUG 14264 --- [ ] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error?userId=5532f935-ca36-4768-87fa-b65fe8741bbf", parameters={masked}
2024-05-09T00:00:26.895+08:00 DEBUG 14264 --- [ ] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2024-05-09T00:00:26.904+08:00 DEBUG 14264 --- [ ] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [*/*] and supported [application/json, application/*+json]
2024-05-09T00:00:26.904+08:00 DEBUG 14264 --- [ ] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Thu May 09 00:00:26 SGT 2024, status=401, error=Unauthorized, path=/info/}]
2024-05-09T00:00:26.910+08:00 DEBUG 14264 --- [ ] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 401
2024-05-09T00:00:26.911+08:00 DEBUG 14264 --- [ ] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-05-09T00:00:26.911+08:00 INFO 14264 --- [ ] c.e.O.filter.LogRequestResponseFilter : LoggingFilterRequestResponse: Servlet Path: /error Request parameter [Key: userId, Value: 5532f935-ca36-4768-87fa-b65fe8741bbf] Response status code: 401 Response Body: {"timestamp":"2024-05-08T16:00:26.902+00:00","status":401,"error":"Unauthorized","path":"/info/"}
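Your security filter chain is configured to authorize requests using sessions (formLogin), not access tokens.
You need another security filter chain bean (with @Order, securityMatcher and oauth2ResourceServer) to authorize requests to some endpoints using Bearer tokens.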
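
A sketch of the second filter chain this answer describes, as an added example that is not code from the original post. The class and bean names are hypothetical, and it assumes the access tokens are JWTs, a JwtDecoder bean is available in the application context, and spring-boot-starter-oauth2-resource-server is on the classpath.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
public class InfoResourceServerConfig { // hypothetical class name

    @Bean
    @Order(1) // consulted before the existing chain, which has no securityMatcher and so matches every request
    public SecurityFilterChain infoResourceServerFilterChain(HttpSecurity http) throws Exception {
        http
                // This chain handles only the protected API paths from the question.
                .securityMatcher(new AntPathRequestMatcher("/info/**"))
                // Every request that reaches this chain must carry a valid token.
                .authorizeHttpRequests(requests -> requests.anyRequest().authenticated())
                // Adds the Bearer token filter; assumes JWT access tokens and a JwtDecoder bean.
                .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()))
                // Token-authenticated API calls do not need an HTTP session.
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                // No session cookie authenticates these requests, so CSRF protection is not needed here.
                .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }
}
```

If the authorization server issues opaque tokens instead, the same chain would use opaqueToken(...) with an introspection endpoint in place of jwt(...).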