1. ホーム
  2. 質問と答え
  3. 春のセキュリティ405

春のセキュリティ405

2017-04-11 17 views
1

:APIのURLので春のセキュリティ405

@Configuration 
@EnableWebSecurity 
public class MultipleHttpSecurityConfig { 

    @Autowired 
    @Qualifier("customUserDetailsService") 
    UserDetailsService userDetailsService; 

    @Autowired 
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService); 
     auth.authenticationProvider(authenticationProvider()); 
    } 

    @Bean 
    public PlaintextPasswordEncoder passwordEncoder() { 
     return new PlaintextPasswordEncoder(); 
    } 

    @Bean 
    public DaoAuthenticationProvider authenticationProvider() { 
     DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); 
     authenticationProvider.setUserDetailsService(userDetailsService); 
     authenticationProvider.setPasswordEncoder(passwordEncoder()); 
     return authenticationProvider; 
    } 

    @Bean 
    public AuthenticationTrustResolver getAuthenticationTrustResolver() { 
     return new AuthenticationTrustResolverImpl(); 
    } 

    @Configuration 
    @Order(1) 
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { 

     private static String REALM="MY_REALM"; 

     protected void configure(HttpSecurity http) throws Exception { 

      http.csrf().disable() 
      .authorizeRequests() 
      .antMatchers("/api/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
      .and().httpBasic().realmName(REALM).authenticationEntryPoint(getBasicAuthEntryPoint()) 
      .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
     } 

     @Bean 
     public CustomBasicAuthenticationEntryPoint getBasicAuthEntryPoint(){ 
      return new CustomBasicAuthenticationEntryPoint(); 
     } 
    } 

    @Configuration 
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { 

     @Autowired 
     PersistentTokenRepository tokenRepository; 

     @Autowired 
     @Qualifier("customUserDetailsService") 
     UserDetailsService userDetailsService; 

     @Override 
     public void configure(WebSecurity web) throws Exception { 
      web.ignoring().antMatchers("/resources/**"); 
     } 

     @Bean 
     public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() { 
      PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
        "remember-me", userDetailsService, tokenRepository); 
      return tokenBasedservice; 
     } 

     @Override 
     protected void configure(HttpSecurity http) throws Exception { 
      http.authorizeRequests().antMatchers("/", "/index").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/categories", "/category/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/companies", "/company/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')") 
        .antMatchers("/locations", "/location/**").access("hasRole('ADMIN') or hasRole('SUPERADMIN')").and() 
        .formLogin().loginPage("/login").loginProcessingUrl("/login").usernameParameter("username") 
        .passwordParameter("password").and().rememberMe().rememberMeParameter("remember-me") 
        .tokenRepository(tokenRepository).tokenValiditySeconds(86400).and().csrf().and().exceptionHandling() 
        .accessDeniedPage("/Access_Denied"); 
     } 
    } 

}

は、私は欲望の結果を取得します。しかし、WebログインではHTTPステータス405 - Requestメソッド 'POST'がサポートされていません。何か案は?

春Frameworkは次のとおりです。4.3.7.RELEASE 春のセキュリティ:4.2.2.RELEASE はdegubは次のとおりです。多分これは/loginページが処理されるという意味でのマッピングの問題

2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/resources/**' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2017-04-11 19:30:12 DEBUG HstsHeaderWriter:130 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatch 
[email protected] 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', GET] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'GET /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', POST] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/logout' 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', PUT] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'PUT /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:65 - Trying to match using Ant [pattern='/logout', DELETE] 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:137 - Request 'POST /login' doesn't match 'DELETE /logout 
2017-04-11 19:30:12 DEBUG OrRequestMatcher:72 - No matches found 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2017-04-11 19:30:12 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6fa90ed4: 
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffc7f0c: RemoteIpAddress: 127.0.0.1; Session 
Id: B6EBB4A5A07FDC44D8E19748CE6D5E5E; Granted Authorities: ROLE_ANONYMOUS' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2017-04-11 19:30:12 DEBUG FilterChainProxy:325 - /login at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2017-04-11 19:30:12 DEBUG AntPathRequestMatcher:157 - Checking match of request : '/login'; against '/api/**' 
2017-04-11 19:30:12 DEBUG FilterSecurityInterceptor:210 - Public object - authentication not attempted 
2017-04-11 19:30:12 DEBUG FilterChainProxy:310 - /login reached end of additional filter chain; proceeding with original chain 
2017-04-11 19:30:12 DEBUG DispatcherServlet:865 - DispatcherServlet with name 'dispatcher' processing POST request for [/HeliosCMS/login] 
2017-04-11 19:30:12 DEBUG RequestMappingHandlerMapping:310 - Looking up handler method for path /login 
2017-04-11 19:30:12 DEBUG ExceptionHandlerExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not sup 
ported 
2017-04-11 19:30:12 DEBUG ResponseStatusExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not suppo 
rted 
2017-04-11 19:30:12 DEBUG DefaultHandlerExceptionResolver:133 - Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not suppo 
rted 
2017-04-11 19:30:12 WARN PageNotFound:215 - Request method 'POST' not supported 
2017-04-11 19:30:12 DEBUG DispatcherServlet:1044 - Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling 
2017-04-11 19:30:12 DEBUG DispatcherServlet:1000 - Successfully completed request 
2017-04-11 19:30:12 DEBUG ExceptionTranslationFilter:116 - Chain processed normally 
2017-04-11 19:30:12 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed

出典

2017-04-11 KostasC

+0

私はあなたがはい、私はGETで/ログインを見ることができますApiWebSecurityConfigurationAdapterクラス –

答えて

1

ですAPIハンドラーによってPOSTがログインコントローラーに到達することはありません。

apiハンドラのマッピングはどちらですか?それは/api/*で、/または/*ではありません。

あなたはAPIモジュールを構成するためにAbstractDispatcherServletInitializerをサブクラス化した場合のようなものがあるはず:これはハンドラが/login見つかりされていないことを、私はとにかく考える問題、ログを読んで、ので、あなたではない場合

 @Override 
     protected String[] getServletMappings() { 
     return new String[] { "/api/*" }; 
     }

マッピングを調べるべきです。おそらく、APIのマッピングは厳密ですが、Webマッピングは/ではありません。設定を見ずに言うのは難しいです。

GETに/loginが表示されますか?

出典

2017-04-19 18:14:26

+0

でのフィルタリングから「/ログイン」URLを除外する必要があると思います。 – KostasC

+0

どの設定が必要ですか? – KostasC

+0

あなたが使用するAbstractDispatcherServletInitializerサブクラスは?私は状況がhttp://stackoverflow.com/a/42881032/1536382の2つのマッパーのためapi/webに似ていると思ったが、あなたはgetを見る...この質問に対する他の答えと同様に、私は ' –

0

ant matcher/loginは、設定のどのパターンとも一致しません。

私はこの設定で "/"へのリクエストが直接あなたのログインページになるかもしれないと推測します。

POSTしようとしている/ HeliosCMS/login URLが正しいことを確認してください。あなたの設定の他の誰もこのアプリケーションのルートについて言及していないので、あなたの設定に基づいて、Dispatcherが/ HeliosCMS/loginではなく/ loginパターンにマッチさせることを期待しています。

2017-04-11 19:30:12 DEBUG DispatcherServlet:865 - DispatcherServlet with name 'dispatcher' processing POST request for [/HeliosCMS/login]

出典

2017-04-19 18:32:15

関連する問題

 関連する問題