Invalid JSON response from server when enabling a Spring Security configuration that extends VaadinWebSecurity

Question  Votes: 0  Answers: 1

Hello everyone,

I have a Java project using Vaadin 24.0.3, Spring Boot 3.0.5 and Java 17; you can see the full project at this link.

This is the error I get when trying to implement the SecurityConfig class:

Invalid JSON response from server: window.Vaadin = window.Vaadin || {};window.Vaadin.VaadinLicenseChecker = { MaybeCheck: (productInfo) => { }};window.Vaadin.devTools = window.Vaadin.devTools || {};window.Vaadin.devTools.createdCvdlElements = window.Vaadin.devTools.createdCvdlElements || [];window.Vaadin.originalCustomElementDefineFn = window.Vaadin.originalCustomElementDefineFn || window.customElements.define;window.customElements.define = function (tagName, constructor, ...args) {const { cvdlName, version } = constructor;if (cvdlName && version) { const {connectedCallback } = constructor.prototype; constructor.prototype.connectedCallback = function () { window.Vaadin.devTools.createdCvdlElements.push(this); } if (connectedCallback) {connectedCallback.call(this); } }}window.Vaadin.originalCustomElementDefineFn.call(this, tagName, constructor, ...args);};window.Vaadin = window.Vaadin || {};window.Vaadin.ConsoleErrors = window.Vaadin.ConsoleErrors || [];const browserConsoleError = window.console.error.bind(window.console);console.error = (...args) => { browserConsoleError(...args); window.Vaadin.ConsoleErrors.push(args);};window.onerror = (message, source, lineno, colno, error) => {const location=source+':'+lineno+':'+colno;window.Vaadin.ConsoleErrors.push([message, '('+location+')']);};window.addEventListener('unhandledrejection', e => { window.Vaadin.ConsoleErrors.push([e.reason]);});window.Vaadin = window.Vaadin || {}; window.Vaadin.developmentMode = true; if (!('CSSLayerBlockRule' in window)) { window.location.search='v-r=oldbrowser'; } window.Vaadin = window.Vaadin || {};window.Vaadin.TypeScript= {}; window.JSCompiler_renameProperty = function(a) { return a;} body, #outlet { height: 100vh; width: 100%; margin: 0; } .v-reconnect-dialog,.v-system-error {position: absolute;color: black;background: white;top: 1em;right: 1em;border: 1px solid black;padding: 1em;z-index: 10000;max-width: calc(100vw - 4em);max-height: calc(100vh - 4em);overflow: auto;} .v-system-error {color: indianred;pointer-events: auto;} .v-system-error h3, .v-system-error b {color: red;} [hidden] { display: none !important; } window.Vaadin = window.Vaadin || {}; window.Vaadin.registrations = window.Vaadin.registrations || []; window.Vaadin.registrations.push({"is":"flow/SpringInstantiator","version":"24.0.3"},{"is":"routing/server","version":"24.0.3"},{"is":"flow/app-dev-bundle","version":"24.0.3"},{"is":"java","version":"17.0.5"});

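If I comment out the method call "setLoginView(http, LoginView.class)", I can get to my login view page, but none of my routes work as expected, because I receive the following error message - clicking on them does not work and redirects me to the same error message:

Could not navigate to "main". Available routes: admin panel, cinema, confirm/:___url_parameter (requires parameter), main, projections, register, tickets. This detailed message is only shown when running in development mode.

Here is the SecurityConfig class: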

package com.finals.cinema.security;

import com.finals.cinema.view.LoginView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

@Override
protected void configure(HttpSecurity http) throws Exception {
    // Delegating the responsibility of general configurations
    // of http security to the super class. It's configuring
    // the followings: Vaadin's CSRF protection by ignoring
    // framework's internal requests, default request cache,
    // ignoring public views annotated with @AnonymousAllowed,
    // restricting access to other views/endpoints, and enabling
    // ViewAccessChecker authorization.
    // You can add any possible extra configurations of your own
    // here (the following is just an example):

    // http.rememberMe().alwaysRemember(false);

    // Configure your static resources with public access before calling
    // super.configure(HttpSecurity) as it adds final anyRequest matcher
    //        http.authorizeHttpRequests().requestMatchers(new AntPathRequestMatcher("/*"))
    //                .permitAll();

    super.configure(http);

    // This is important to register your login view to the
    // view access checker mechanism:
    //        setLoginView(http, LoginView.class);
}

@Override
public void configure(WebSecurity web) throws Exception {
    // Customize your WebSecurity configuration.
    super.configure(web);
}

/**
 * Demo UserDetailsManager which only provides two hardcoded
 * in memory users and their roles.
 * NOTE: This shouldn't be used in real world applications.
 */
@Bean
public UserDetailsManager userDetailsService() {
    UserDetails user =
            User.withUsername("user")
                    .password("{noop}user")
                    .roles("USER")
                    .build();
    UserDetails admin =
            User.withUsername("admin")
                    .password("{noop}admin")
                    .roles("ADMIN")
                    .build();
    return new InMemoryUserDetailsManager(user, admin);
}
}

What I have tried so far:

setLoginView(http, LoginView.class);
setLoginView(http, "");
setLoginView(http, "/");

setLoginView(http, MainView.class) - the application works as if no security were configured, and all routes are publicly accessible without logging in.

Edit: here is the debug log from Spring Security.

2023-06-20T22:53:26.208+03:00 DEBUG 18424 --- [nio-8888-exec-1] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/dev-bundle/VAADIN/build/FlowClient-e0ae8105.js
2023-06-20T22:53:26.289+03:00 DEBUG 18424 --- [nio-8888-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /VAADIN/themes/flowcrmtutorial/styles.css
2023-06-20T22:53:26.289+03:00 DEBUG 18424 --- [nio-8888-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-06-20T22:53:26.290+03:00 DEBUG 18424 --- [nio-8888-exec-2] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/themes/flowcrmtutorial/styles.css
2023-06-20T22:53:26.297+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.security.web.FilterChainProxy        : Securing POST /?v-r=uidl&v-uiId=3
2023-06-20T22:53:26.444+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.s.a.dao.DaoAuthenticationProvider    : Failed to find user ''
2023-06-20T22:53:26.446+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.s.web.DefaultRedirectStrategy        : Redirecting to /?error
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.security.web.FilterChainProxy        : Securing GET /?error
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.security.web.FilterChainProxy        : Secured GET /?error
java spring spring-security vaadin jsonresponse
1 Answer
0 votes

Although this does not explain why it happens, using

setLoginView(http, "/ ");

seems to have solved the problem (adding a space after the login view URL).
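
A triage sketch for the Spring Security debug log in the question, added here as an example (it is not part of the original posts, nor Vaadin or Spring code): it flags a Vaadin framework request, recognised by its v-r parameter, that an AuthenticationProvider handled and that then ended in a redirect on the same thread, which is the sequence the log shows for POST /?v-r=uidl&v-uiId=3. The function names and the per-thread correlation rule are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Lines copied from the Spring Security debug log in the question.
QUESTION_LOG = """\
2023-06-20T22:53:26.290+03:00 DEBUG 18424 --- [nio-8888-exec-2] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/themes/flowcrmtutorial/styles.css
2023-06-20T22:53:26.297+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.security.web.FilterChainProxy        : Securing POST /?v-r=uidl&v-uiId=3
2023-06-20T22:53:26.444+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.s.a.dao.DaoAuthenticationProvider    : Failed to find user ''
2023-06-20T22:53:26.446+03:00 DEBUG 18424 --- [nio-8888-exec-4] o.s.s.web.DefaultRedirectStrategy        : Redirecting to /?error
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.security.web.FilterChainProxy        : Securing GET /?error
2023-06-20T22:53:26.450+03:00 DEBUG 18424 --- [nio-8888-exec-5] o.s.security.web.FilterChainProxy        : Secured GET /?error
"""

# timestamp, level, pid, ---, [thread], logger, " : ", message
LINE = re.compile(r"^\S+\s+DEBUG\s+\d+\s+---\s+\[\s*([^\]]+)\]\s+(\S+)\s+:\s+(.*)$")

def is_vaadin_internal(url):
    """True when the URL carries Vaadin's v-r request-type parameter (e.g. v-r=uidl)."""
    return "v-r" in parse_qs(urlsplit(url).query)

def find_intercepted_uidl_requests(log_text):
    """Return framework requests that Spring Security processed as a login attempt."""
    open_req = {}   # thread name -> finding being built for that thread's current request
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        thread, logger, msg = m.groups()
        if msg.startswith("Securing "):
            method, url = msg.split()[1:3]
            open_req[thread] = ({"request": f"{method} {url}", "auth_attempt": False,
                                 "redirect": None} if is_vaadin_internal(url) else None)
        elif msg.startswith("Secured "):
            open_req.pop(thread, None)   # request passed through the filter chain
        elif open_req.get(thread) is not None:
            req = open_req[thread]
            if logger.endswith("AuthenticationProvider"):
                req["auth_attempt"] = True   # a credential check ran for this request
            elif msg.startswith("Redirecting to "):
                req["redirect"] = msg[len("Redirecting to "):]
                if req["auth_attempt"]:
                    findings.append(req)
                open_req.pop(thread)
    return findings
```

In Spring Security's form login the login page URL is, by default, also the URL whose POSTs are treated as login submissions, so a hit points at a login view path that coincides with the path Vaadin posts its UIDL requests to.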
