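I'm learning spring-security and created a simple application to learn about matchers. Unfortunately, I can't get mvcMatchers to work. The other thing is that it works with antMatchers. Please see the sources below.
1) Dependencies in pom.xml: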
<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>5.0.5.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>5.0.5.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>5.0.5.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf</groupId>
        <artifactId>thymeleaf-spring5</artifactId>
        <version>3.0.9.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>4.0.0</version>
        <scope>provided</scope>
    </dependency>
</dependencies>
2) MvcWebApplicationInitializer:
public class MvcWebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[]{SecurityConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[] { MvcWebConfig.class };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }
}
3) MvcWebConfig
@Configuration
@EnableWebMvc
@ComponentScan("com.example.controller")
public class MvcWebConfig implements WebMvcConfigurer {
    @Autowired
    private ApplicationContext applicationContext;

    @Bean
    public SpringResourceTemplateResolver templateResolver() {
        SpringResourceTemplateResolver templateResolver = new SpringResourceTemplateResolver();
        templateResolver.setApplicationContext(applicationContext);
        templateResolver.setPrefix("/WEB-INF/views/");
        templateResolver.setSuffix(".html");
        return templateResolver;
    }

    @Bean
    public SpringTemplateEngine templateEngine() {
        SpringTemplateEngine templateEngine = new SpringTemplateEngine();
        templateEngine.setTemplateResolver(templateResolver());
        templateEngine.setEnableSpringELCompiler(true);
        return templateEngine;
    }

    @Override
    public void configureViewResolvers(ViewResolverRegistry registry) {
        ThymeleafViewResolver resolver = new ThymeleafViewResolver();
        resolver.setTemplateEngine(templateEngine());
        registry.viewResolver(resolver);
    }
}
4) SecurityConfig:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER").and()
                .withUser("admin").password("password").roles("USER", "ADMIN");
    }

    @Bean
    public static NoOpPasswordEncoder passwordEncoder() {
        return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/secured/**").hasRole("ADMIN")
                //.mvcMatchers(HttpMethod.GET, "/secured/**").hasRole("ADMIN")
                .anyRequest().permitAll()
                .and()
            .formLogin();
    }
}
5) SecurityWebInitializer:
public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {}
6) MyController
@Controller
public class MyController {
    @GetMapping("unsecured")
    public String unsecured(Model model) {
        model.addAttribute("message", "Unsecured");
        return "index";
    }

    @GetMapping("secured/msg")
    public String secured(Model model) {
        model.addAttribute("message", "Secured");
        return "index";
    }
}
7) index.html is just a simple Thymeleaf template to output the message
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="ISO-8859-1">
</head>
<body>
    <p th:text="${message}"></p>
</body>
</html>
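I package the application as a war, deploy it to a Tomcat 9 application server, and then when I open the warname/unsecured or warname/secured/msg URL, it works as expected (unsecured just outputs the message 'Unsecured', secured asks for login/password. After login it shows the page with the message 'Secured'). When I comment out antMatchers and uncomment mvcMatchers in SecurityConfig, navigating to either of these two URLs gives me the standard 404 Tomcat page. I tried giving mvcMatchers different patterns, such as: /secured/msg, /secured/msg/, secured/msg, /secured/msg/*, and every time I get 404. While remote debugging the application I found that it seems mvcMatcher.match is not called, while antMatcher.match is called during an attempt to access the page warname/secured/msg. Could you please tell me how I can make the application work with mvcMatchers in the same way as it does now with antMatchers?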