我使用spring security 5和spring boot 2.0.0
我想用permitAll进行用户身份验证,但它不起作用。我想访问" localhost:9090 / hello"但总是被重定向到" localhost:9090 / login"。
如何使用spring security进行用户身份验证?
我配置了WebSecurity,如下所示。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/hello").permitAll()
.anyRequest().authenticated();
}
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user =
User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
/src/main/resources/application.properties
server.port=9090
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/dev_db
spring.datasource.username=sa
spring.datasource.password=
spring.flyway.url=jdbc:mysql://localhost:3306/dev_db
spring.flyway.user=sa
spring.flyway.password=
spring.flyway.baselineVersion=1
spring.flyway.baseline-on-migrate=false
spring.messages.basename=messages
spring.messages.cache-duration=-1
spring.messages.encoding=UTF-8
spring.security.user.name=user
spring.security.user.password=password
logging.level.org.springframework.security=DEBUG
/src/main/resources/templates/hello.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<head><title>Hello World!</title></head>
<body>
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
<form th:action="@{/logout}" method="post">
<input type="submit" value="Sign Out"/>
</form>
</body></html>
/src/main/resources/templates/login.html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8" />
<title>Login page</title>
</head><body>
<h1>Login page</h1>
<p>Example user: user / password</p>
<form th:action="@{/login}" method="post">
<p th:if="${loginError}"><em>Username or password is wrong.</em></p>
<p><label for="username">Username</label>:
<input type="text" id="username" name="username" autofocus="autofocus" /></p>
<p><label for="password">Password</label>:
<input type="password" id="password" name="password" /></p>
<p><input type="submit" value="Log in" /></p>
</form>
<p><a th:href="@{/signup}">Sign up</a></p>
<p><a th:href="@{/}">Back to index</a></p></body></html>
build.gradle如下所示
buildscript {
ext {
springBootVersion = '2.0.0.RELEASE'
}
repositories {
mavenCentral()
maven { url "https://repo.spring.io/snapshot" }
maven { url "https://repo.spring.io/milestone" }
maven { url 'http://jcenter.bintray.com' }
maven { url 'https://mvnrepository.com/artifact/com.opencsv/opencsv' }
}
dependencies {
classpath("io.spring.gradle:dependency-management-plugin:1.0.4.RELEASE")
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
classpath("mysql:mysql-connector-java:5.1.45")
classpath ("org.junit.platform:junit-platform-gradle-plugin:1.1.0")
}
}
plugins {
id "org.flywaydb.flyway" version "5.0.6"
}
flyway {
url = "jdbc:mysql://localhost:3306/dev_db"
user = "sa"
password = ""
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'org.springframework.boot'
apply plugin: 'org.junit.platform.gradle.plugin'
group = 'com.example'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8
repositories {
maven { url "https://repo.spring.io/snapshot" }
maven { url "https://repo.spring.io/plugins-release" }
maven { url "https://repo.spring.io/milestone" }
maven { url "https://repository.jboss.org/nexus/content/repositories/releases" }
mavenCentral()
}
allprojects {
gradle.projectsEvaluated {
tasks.withType(JavaCompile) {
options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
}
}
}
dependencies {
compile('org.springframework.boot:spring-boot-starter-aop')
compile('org.springframework.boot:spring-boot-starter-hateoas')
compile('org.springframework.boot:spring-boot-starter-thymeleaf')
compile('org.springframework.boot:spring-boot-starter-web')
compile('org.springframework.boot:spring-boot-starter-webflux')
compile('org.springframework.boot:spring-boot-starter-jdbc')
compile('org.springframework.data:spring-data-commons')
compile('org.springframework.boot:spring-boot-starter-data-jpa')
compile("org.springframework.boot:spring-boot-starter-security")
compile('org.flywaydb:flyway-core:5.0.7')
compile('org.flywaydb.flyway-test-extensions:flyway-spring5-test:5.0.0')
compile('mysql:mysql-connector-java:5.1.45')
compile('org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.1')
compile('org.slf4j:slf4j-api:1.7.+')
compile('org.slf4j:log4j-over-slf4j:1.7.+')
compile('org.slf4j:jcl-over-slf4j:1.7.+')
compile('net.sf.dozer:dozer:5.5.1')
compile('ch.qos.logback:logback-classic:1.2.3')
compile('com.opencsv:opencsv:4.1')
compile ('com.fasterxml.jackson.core:jackson-databind')
runtime('org.springframework.boot:spring-boot-devtools')
runtime('mysql:mysql-connector-java:5.1.45')
testCompile('org.springframework.boot:spring-boot-starter-test')
testCompile('io.projectreactor:reactor-test')
testRuntime("org.junit.jupiter:junit-jupiter-engine")
testRuntime('mysql:mysql-connector-java:5.1.45')
}
我有一个测试配置文件。
package com.example;
@Configuration
@ComponentScan(basePackages = {"com.example"})
public class TestWebConfig implements WebMvcConfigurer, ApplicationContextAware {
private ApplicationContext applicationContext;
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
}
}
我有springBootApplication文件。
@EntityScan({"com.example.stock","com.example.item"})
@SpringBootApplication(scanBasePackages={"com.example.stock","com.example.item"})
public class WebApplication {
public static void main(String[] args) {
SpringApplication.run(WebApplication.class, args);
}
@Bean
public MessageSource messageSource() {
ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
messageSource.setBasename("classpath:messages");
messageSource.setDefaultEncoding("UTF-8");
return messageSource;
}
@Bean
public LocalValidatorFactoryBean validator() {
LocalValidatorFactoryBean bean = new LocalValidatorFactoryBean();
bean.setValidationMessageSource(messageSource());
return bean;
}
}
安全日志在
之下22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@49c5a76. A new one will be created.
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /hello' doesn't match 'POST /logout
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /hello' doesn't match 'POST /login
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 8 of 14 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - pathInfo: both null (property equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - queryString: both null (property equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.DefaultSavedRequest - requestURI: arg1=/; arg2=/hello (property not equals)
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.HttpSessionRequestCache - saved request doesn't match
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@b841c1bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2D91FF16856148858B7FA31A6FDB958F; Granted Authorities: ROLE_ANONYMOUS'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
22:35:15.345 [http-nio-9090-exec-6] DEBUG o.s.security.web.FilterChainProxy - /hello at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /hello; Attributes: [authenticated]
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@b841c1bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2D91FF16856148858B7FA31A6FDB958F; Granted Authorities: ROLE_ANONYMOUS
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@a3ce3d, returned: -1
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:204)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
22:35:15.346 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using Ant [pattern='/**', GET]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/hello' matched by universal pattern '/**'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/hello'; against '/**/favicon.ico'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xhtml+xml
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xhtml+xml = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xml;q=0.9
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xml;q=0.9 = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing */*;q=0.8
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Ignoring
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Did not match any media types
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.s.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:9090/hello]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@356a6f1e, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xhtml+xml .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - image/* .isCompatibleWith text/html = false
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/html .isCompatibleWith text/html = true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@816fe85
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:9090/login'
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@258eaf02
22:35:15.347 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
22:35:15.348 [http-nio-9090-exec-6] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@49c5a76. A new one will be created.
22:35:15.355 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /logout
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /login
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.security.web.FilterChainProxy - /login at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@258eaf02
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
22:35:15.356 [http-nio-9090-exec-7] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
答案 0 :(得分:1)
您的安全配置似乎根本没有被提取。
@SpringBootApplication(scanBasePackages={"com.example.stock","com.example.item"})
在你的主要课程中。您的安全配置位于包com.example中。因此,不会创建此类的bean,也不会应用配置。