我正在尝试将应用程序从 Spring Boot 2.7.18 更新到 Spring Boot 3.0.0。但是,由于(我相信)从 Spring Security 5.7.11 更新到 6.0.0,我面临一个问题。问题是我设置了一个自定义登录页面,但是当我尝试访问某个端点时,我会循环重定向到此登录页面,直到浏览器抛出错误 ERR_TOO_MANY_REDIRECTS。
我尝试简化我的应用程序,仅保留与问题相关的内容。在 Spring 2.7 中,我有一个 SecurityConfig:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(requests -> requests
.antMatchers("/static/**").permitAll()
.anyRequest().authenticated()
);
http.formLogin(login -> login
.loginPage("/login")
.loginProcessingUrl("/userAuth")
.permitAll()
);
http.csrf().disable();
}
}
和 MvcConfig:
@Configuration
public class MvcConfig implements WebMvcConfigurer {
public static final String FORWARD = "forward:/";
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/{spring:\\w+}")
.setViewName(FORWARD);
registry.addViewController("/**/{spring:\\w+}")
.setViewName(FORWARD);
registry.addViewController("/{spring:\\w+}/**{spring:?!(\\.js|\\.css)$}")
.setViewName(FORWARD);
}
}
我的资源文件组织如下:
src
| main
| | java
| | | resources
| | | | static
| | | | | asset-manifest.json
| | | | | favicon.ico
| | | | | index.html
| | | | | logo192.png
| | | | | logo512.png
| | | | | manifest.json
| | | | | robots.txt
| | | | | static
| | | | | | css ...
| | | | | | js ...
| | | | | | media ...
在index.html中我可以到达前端的
/login/我的 pom 具有以下依赖项(我使用的是 Java 17):
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
还有我的application.properties:
logging.level.org.springframework.security=TRACE
spring.mvc.pathmatch.matching-strategy=ant_path_matcher
在 Spring 2.7 中,这工作得很好,当我访问
http://localhost:8080/loginhttp://localhost:8080/我更新到 Spring Boot 3.0.0,进行了以下更改:
@Configuration
public class SecurityConfig {
@Bean
protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests(requests -> requests
.requestMatchers(antMatcher("/static/**")).permitAll()
.anyRequest().authenticated()
);
http.formLogin(login -> login
.loginPage("/login").permitAll()
.loginProcessingUrl("/userAuth")
.permitAll()
);
http.csrf().disable();
return http.build();
}
}
这会导致错误 ERR_TOO_MANY_REDIRECTS。
使用Spring 3.0时,即初始化日志:
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v3.0.0)
2024-05-08T15:38:38.352-03:00 INFO 2928 --- [ main] c.e.s.SecuritySpring3Application : Starting SecuritySpring3Application using Java 21.0.2 with PID 2928
2024-05-08T15:38:38.355-03:00 INFO 2928 --- [ main] c.e.s.SecuritySpring3Application : No active profile set, falling back to 1 default profile: "default"
2024-05-08T15:38:39.407-03:00 INFO 2928 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2024-05-08T15:38:39.418-03:00 INFO 2928 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2024-05-08T15:38:39.419-03:00 INFO 2928 --- [ main] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.1]
2024-05-08T15:38:39.513-03:00 INFO 2928 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2024-05-08T15:38:39.514-03:00 INFO 2928 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1104 ms
2024-05-08T15:38:39.624-03:00 TRACE 2928 --- [ main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration$WebSecurityEnablerConfiguration=org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration$WebSecurityEnablerConfiguration@28f4f300}
2024-05-08T15:38:39.628-03:00 WARN 2928 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: 8aa72fad-3d16-4a4e-9385-7a88ff0d4549
This generated password is for development use only. Your security configuration must be updated before running your application in production.
2024-05-08T15:38:39.736-03:00 DEBUG 2928 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression [permitAll] for ExactUrl [processUrl='/login?error']
2024-05-08T15:38:39.758-03:00 DEBUG 2928 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression [permitAll] for ExactUrl [processUrl='/userAuth']
2024-05-08T15:38:39.758-03:00 DEBUG 2928 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression [permitAll] for ExactUrl [processUrl='/login']
2024-05-08T15:38:39.758-03:00 DEBUG 2928 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression [permitAll] for Ant [pattern='/static/**']
2024-05-08T15:38:39.758-03:00 DEBUG 2928 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression [authenticated] for any request
2024-05-08T15:38:39.766-03:00 TRACE 2928 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2024-05-08T15:38:39.768-03:00 TRACE 2928 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2024-05-08T15:38:39.769-03:00 INFO 2928 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@70721c12, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@769bd849, org.springframework.security.web.context.SecurityContextHolderFilter@1c3259fa, org.springframework.security.web.header.HeaderWriterFilter@7209ffb5, org.springframework.security.web.authentication.logout.LogoutFilter@1d8b0500, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@294f9d50, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@6807a356, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@7ddd84b5, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@101ca8da, org.springframework.security.web.access.ExceptionTranslationFilter@3eb292cd, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@40ac6b76]
2024-05-08T15:38:39.894-03:00 INFO 2928 --- [ main] o.s.b.a.w.s.WelcomePageHandlerMapping : Adding welcome page: class path resource [static/index.html]
2024-05-08T15:38:40.056-03:00 INFO 2928 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2024-05-08T15:38:40.063-03:00 INFO 2928 --- [ main] c.e.s.SecuritySpring3Application : Started SecuritySpring3Application in 2.136 seconds (process running for 3.033)
当我访问
http://localhost:8080/2024-05-08T15:55:41.472-03:00 DEBUG 16468 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/?continue to session
2024-05-08T15:55:41.472-03:00 DEBUG 16468 --- [nio-8080-exec-7] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login
2024-05-08T15:55:41.472-03:00 TRACE 16468 --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@6232ffdb, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@330c1f61, org.springframework.security.web.context.SecurityContextHolderFilter@59ce792e, org.springframework.security.web.header.HeaderWriterFilter@7c2dfa2, org.springframework.security.web.authentication.logout.LogoutFilter@6c6017b9, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4d68b571, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@404db674, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@50f097b5, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@37d28f02, org.springframework.security.web.access.ExceptionTranslationFilter@313f8301, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@5a0bef24]] (1/1)
2024-05-08T15:55:41.475-03:00 DEBUG 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Securing GET /login
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (5/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (6/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/userAuth', POST]
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (7/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (8/11)
2024-05-08T15:55:41.475-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (9/11)
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (10/11)
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (11/11)
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] edFilterInvocationSecurityMetadataSource : Did not match request to ExactUrl [processUrl='/login?error'] - [permitAll] (1/5)
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] edFilterInvocationSecurityMetadataSource : Did not match request to ExactUrl [processUrl='/userAuth'] - [permitAll] (2/5)
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession A87EC0FB88AF6B79CCB47A062D5602B1 using the SPRING_SECURITY_CONTEXT session attribute
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=A87EC0FB88AF6B79CCB47A062D5602B1], Granted Authorities=[ROLE_ANONYMOUS]]
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Did not re-authenticate AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=A87EC0FB88AF6B79CCB47A062D5602B1], Granted Authorities=[ROLE_ANONYMOUS]] before authorizing
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Authorizing filter invocation [GET /login] with attributes [permitAll]
2024-05-08T15:55:41.476-03:00 DEBUG 16468 --- [nio-8080-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Authorized filter invocation [GET /login] with attributes [permitAll]
2024-05-08T15:55:41.476-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Did not switch RunAs authentication since RunAsManager returned null
2024-05-08T15:55:41.476-03:00 DEBUG 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Secured GET /login
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@6232ffdb, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@330c1f61, org.springframework.security.web.context.SecurityContextHolderFilter@59ce792e, org.springframework.security.web.header.HeaderWriterFilter@7c2dfa2, org.springframework.security.web.authentication.logout.LogoutFilter@6c6017b9, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4d68b571, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@404db674, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@50f097b5, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@37d28f02, org.springframework.security.web.access.ExceptionTranslationFilter@313f8301, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@5a0bef24]] (1/1)
2024-05-08T15:55:41.477-03:00 DEBUG 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Securing GET /
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (5/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (6/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/userAuth', POST]
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (7/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (8/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (9/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (10/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (11/11)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] edFilterInvocationSecurityMetadataSource : Did not match request to ExactUrl [processUrl='/login?error'] - [permitAll] (1/5)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] edFilterInvocationSecurityMetadataSource : Did not match request to ExactUrl [processUrl='/userAuth'] - [permitAll] (2/5)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] edFilterInvocationSecurityMetadataSource : Did not match request to ExactUrl [processUrl='/login'] - [permitAll] (3/5)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] edFilterInvocationSecurityMetadataSource : Did not match request to Ant [pattern='/static/**'] - [permitAll] (4/5)
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=A87EC0FB88AF6B79CCB47A062D5602B1], Granted Authorities=[ROLE_ANONYMOUS]]
2024-05-08T15:55:41.477-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Did not re-authenticate AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=A87EC0FB88AF6B79CCB47A062D5602B1], Granted Authorities=[ROLE_ANONYMOUS]] before authorizing
2024-05-08T15:55:41.478-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Authorizing filter invocation [GET /] with attributes [authenticated]
2024-05-08T15:55:41.478-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.expression.WebExpressionVoter : Voted to deny authorization
2024-05-08T15:55:41.478-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [GET /] with attributes [authenticated] using AffirmativeBased [DecisionVoters=[org.springframework.security.web.access.expression.WebExpressionVoter@2be95d31], AllowIfAllAbstainDecisions=false]
2024-05-08T15:55:41.478-03:00 TRACE 16468 --- [nio-8080-exec-8] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=A87EC0FB88AF6B79CCB47A062D5602B1], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:77) ~[spring-security-core-6.0.0.jar:6.0.0]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:253) ~[spring-security-core-6.0.0.jar:6.0.0]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:222) ~[spring-security-core-6.0.0.jar:6.0.0]
[...]
2024-05-08T15:55:41.479-03:00 DEBUG 16468 --- [nio-8080-exec-8] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/?continue to session
我做错了什么?我是否需要其他配置来保持 Spring Boot 2.7 的行为?
我在这里更新了 Spring 2.7 中的完整工作项目:https://github.com/caiovsch/security-spring-2。随着 Spring 3.0 的变化:https://github.com/caiovsch/security-spring-3.
这是因为spring改变了前端文件(静态文件)的操作方式。 现在,为了访问前端文件,您需要在您的authorizeHttpRequests中添加注释
.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()请将您的 SecurityFilterChain 更改为:
@Bean
protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests(requests -> requests
.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
.requestMatchers(antMatcher("/static/**")).permitAll()
.anyRequest().authenticated()
);
http.formLogin(login -> login
.loginPage("/login").permitAll()
.loginProcessingUrl("/userAuth")
.permitAll()
);
http.csrf().disable();
return http.build();
}
}
字体:https://github.com/spring-projects/spring-security/issues/12463