我正在研究 Spring Boot security 3.2.1 并在我的项目中实现了 JWT 身份验证。但是,现在我无法获取之前工作的 HTML 页面。我已在 Spring Security Config 类中添加了这些资源路径,但它仍然返回 403。在实现 Spring Security 之前,我能够使用 URL 获取我的 html 文件 - http://localhost:8080/expensemanager/html/application .html
这是我的项目结构
这是我的安全配置类
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {
private final JwtAuthenticationFilter jwtAuthenticationFilter;
private final UserDetailsService userDetailsService;
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(request -> { request
// Registration Controller
.requestMatchers("/registration/validateuserid").permitAll()
.requestMatchers("/registration/registeruser").permitAll()
// Auth Controller
.requestMatchers("/auth/createtoken").permitAll()
.requestMatchers("/auth/refreshtoken").hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
// Master Controller
.requestMatchers("/master/**").permitAll()
// Resource Controller
.requestMatchers("/login").permitAll()
.requestMatchers("/registration").permitAll()
.requestMatchers("/application").permitAll()
.requestMatchers("/report").permitAll()
// Report Controller
.requestMatchers("/report/**").hasAuthority(Role.ADMIN.name())
// Expense Controller
.requestMatchers("/expense/**").hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
.anyRequest().authenticated();
})
.sessionManagement(manager -> {
manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
})
.authenticationProvider(authenticationProvider()).addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
@Bean
AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
return configuration.getAuthenticationManager();
}
}
这是我的控制器类,提供 html 文件,
@RestController
@RequestMapping("/")
public class ResourceController {
@GetMapping("/login")
public ModelAndView getLoginPage() {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("html/login.html");
return modelAndView;
}
@GetMapping("/registration")
public ModelAndView getRegistrationPage() {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("html/registration.html");
return modelAndView;
}
@GetMapping("/application")
public ModelAndView getApplicationPage() {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("html/application.html");
return modelAndView;
}
@GetMapping("/report")
public ModelAndView getReportPage() {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("html/report.html");
return modelAndView;
}
}
这是回复。
非常感谢任何帮助。
我能够按照此处的指南解决此问题https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
在 SpringSecurityConfig 中添加以下代码
//Permitting all my Dispatch Request
.dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.ERROR).permitAll()
//Allowing all my resources, which is present in public folder
.requestMatchers("/bootstrap/**").permitAll()
.requestMatchers("/css/**").permitAll()
.requestMatchers("/error/**").permitAll()
.requestMatchers("/fontawesome/**").permitAll()
.requestMatchers("/fuse/**").permitAll()
.requestMatchers("/highcharts/**").permitAll()
.requestMatchers("/html/**").permitAll()
.requestMatchers("/images/**").permitAll()
.requestMatchers("/js/**").permitAll()