0

我正在尝试在 vaadin 14 + spring boot 应用程序中包含一个“第三方”url,即 spring-security 的重定向 url,用于在“/oauth2/authorization/github”上进行单点登录。然而,vaadin servlet 似乎拦截了这个 url,并显示了一条路径未知的错误消息。

无法导航到“oauth2/authorization/github”

原因:找不到 'oauth2/authorization/github' 的路由

如何防止这种情况,以便可以访问 oauth2 url?我检查了 vaadin 文档,但没有找到有关如何从常规路由器导航机制中排除特定路径的信息。spring-boot oauth2 教程来自 Spring 官方网站https://spring.io/guides/tutorials/spring-boot-oauth2/并添加了以下依赖项:

    <dependency>
        <groupId>com.vaadin</groupId>
        <artifactId>vaadin</artifactId>
    </dependency>
    <dependency>
        <groupId>com.vaadin</groupId>
        <artifactId>vaadin-spring-boot-starter</artifactId>
    </dependency>

WebSecurityConfigurerAdapter 已正确就位,因为标准 spring-security 在页面的根“/”上显示了上述 GitHub Auth 链接。同样对于根页面,未显示未知路由错误。

我还尝试了https://vaadin.com/learn/tutorials/securing-your-app-with-spring-security/setting-up-spring-security中的示例,它适用于常规登录页面,但再次阻止访问oauth2 链接。

是否需要实现调度此请求的请求过滤器,或者可以在某处配置排除?

编辑:根据要求,这里是 WebSecurityAdapterConfigurer

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                // Register our CustomRequestCache, that saves unauthorized access attempts, so
                // the user is redirected after login.
                .requestCache().requestCache(new CustomRequestCache())

                // Restrict access to our application.
                .and().authorizeRequests()

                // Allow all flow internal requests.
.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
                // Allow all requests by logged in users.
                .anyRequest().authenticated()

                // Configure the login page.
                .and().oauth2Login()
                .and().formLogin().loginPage(LOGIN_URL).permitAll().loginProcessingUrl(LOGIN_PROCESSING_URL)
                .failureUrl(LOGIN_FAILURE_URL)
                // Configure logout
                .and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(
                // Vaadin Flow static resources
                "/VAADIN/**",
                // the standard favicon URI
                "/favicon.ico",
                // the robots exclusion standard
                "/robots.txt",
                // web application manifest
                "/manifest.webmanifest",
                "/sw.js",
                "/offline-page.html",
                // icons and images
                "/icons/**",
                "/images/**",
                // (development mode) static resources
                "/frontend/**",
                // (development mode) webjars
                "/webjars/**",
                // (development mode) H2 debugging console
                "/h2-console/**",
                // (production mode) static resources
                "/frontend-es5/**", "/frontend-es6/**",
                // oauth2
                "/user/**",
                "/oauth2/**"
        );
    }

在检查了@anasmi 评论的教程后,发现包含 oauth antmatcher 的 WebSecurity 配置首先是错误的。

现在可以观察到的效果是 spring security oauth2 过滤器转发到 /login ,它不显示为 vaadin 路由配置的页面,而是默认带有指向 github 的授权链接。

如果它有助于理解正在发生的事情,这是一个调试日志:

onTranslationFilter     : Calling Authentication entry point.
uthenticationEntryPoint : Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5be8fdbf, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
her.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
.NegatedRequestMatcher  : matches = true
her.AndRequestMatcher   : Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5be8fdbf, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
TypeRequestMatcher      : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
TypeRequestMatcher      : Processing text/html
TypeRequestMatcher      : application/xhtml+xml .isCompatibleWith text/html = false
TypeRequestMatcher      : image/* .isCompatibleWith text/html = false
TypeRequestMatcher      : text/html .isCompatibleWith text/html = true
her.AndRequestMatcher   : All requestMatchers returned true
uthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@20728225
RedirectStrategy        : Redirecting to 'http://localhost:8080/login'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/frontend-es6/**'
FilterChainProxy        : /login at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : /login at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
curityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fe150b5. A new one will be created.
FilterChainProxy        : /login at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : /login at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : /login at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/oauth2/authorization/{registrationId}'
FilterChainProxy        : /login at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/login/oauth2/code/*'
FilterChainProxy        : /login at position 7 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /login'
FilterChainProxy        : /login at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/frontend-es6/**'
FilterChainProxy        : /oauth2/authorization/github at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : /oauth2/authorization/github at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
curityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fe150b5. A new one will be created.
FilterChainProxy        : /oauth2/authorization/github at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : /oauth2/authorization/github at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /oauth2/authorization/github' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /oauth2/authorization/github' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /oauth2/authorization/github' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : /oauth2/authorization/github at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/oauth2/authorization/{registrationId}'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/oauth2/authorization/{registrationId}'
RedirectStrategy        : Redirecting to 'https://github.com/login/oauth/authorize?response_type=code&client_id=3a39e84cc95590698a1b&scope=read:user&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D&redirect_uri=http://localhost:8080/login/oauth2/code/github'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/frontend-es6/**'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
curityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fe150b5. A new one will be created.
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /login/oauth2/code/github' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /login/oauth2/code/github' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /login/oauth2/code/github' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/oauth2/authorization/{registrationId}'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/login/oauth2/code/*'
ginAuthenticationFilter : Request is to process authentication
ion.ProviderManager     : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
stTemplate              : HTTP POST https://github.com/login/oauth/access_token
stTemplate              : Accept=[application/json, application/*+json]
stTemplate              : Writing [{grant_type=[authorization_code], code=[c8b1870a2477fef6f032], redirect_uri=[http://localhost:8080/login/oauth2/code/github]}] as "application/x-www-form-urlencoded;charset=UTF-8"
stTemplate              : Response 200 OK
stTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=utf-8"
stTemplate              : HTTP GET https://api.github.com/user
stTemplate              : Accept=[application/json, application/*+json]
stTemplate              : Response 200 OK
stTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>]
nAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@10bebcb4
ginAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken@19bf8c7c
nticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:8080/
RedirectStrategy        : Redirecting to 'http://localhost:8080/'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@19bf8c7c'
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/frontend-es6/**'
FilterChainProxy        : / at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : / at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@19bf8c7c'
FilterChainProxy        : / at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : / at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : / at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/oauth2/authorization/{registrationId}'
FilterChainProxy        : / at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/login/oauth2/code/*'
FilterChainProxy        : / at position 7 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /login'
FilterChainProxy        : / at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
FilterChainProxy        : / at position 9 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/logout'
FilterChainProxy        : / at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
SavedRequest            : pathInfo: both null (property equals)
SavedRequest            : queryString: both null (property equals)
SavedRequest            : requestURI: arg1=/; arg2=/ (property equals)
SavedRequest            : serverPort: arg1=8080; arg2=8080 (property equals)
SavedRequest            : requestURL: arg1=http://localhost:8080/; arg2=http://localhost:8080/ (property equals)
SavedRequest            : scheme: arg1=http; arg2=http (property equals)
SavedRequest            : serverName: arg1=localhost; arg2=localhost (property equals)
SavedRequest            : contextPath: arg1=; arg2= (property equals)
SavedRequest            : servletPath: arg1=/; arg2=/ (property equals)
FilterChainProxy        : / at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
FilterChainProxy        : / at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
FilterChainProxy        : / at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
FilterChainProxy        : / at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
FilterChainProxy        : / at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
rSecurityInterceptor    : Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@201c9f26, returned: 1
rSecurityInterceptor    : Authorization successful
rSecurityInterceptor    : RunAsManager did not change Authentication object
FilterChainProxy        : / reached end of additional filter chain; proceeding with original chain
ispatcherServlet        : GET "/", parameters={}
impleUrlHandlerMapping  : Mapped to org.springframework.web.servlet.mvc.ServletForwardingController@46beee3b
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
ispatcherServlet        : Completed 200 OK
onTranslationFilter     : Chain processed normally
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/VAADIN/build/webcomponentsjs/webcomponents-loader.js'; against '/VAADIN/**'
FilterChainProxy        : /VAADIN/build/webcomponentsjs/webcomponents-loader.js has an empty filter list
ispatcherServlet        : GET "/VAADIN/build/webcomponentsjs/webcomponents-loader.js", parameters={}
impleUrlHandlerMapping  : Mapped to org.springframework.web.servlet.mvc.ServletForwardingController@46beee3b
4

1 回答 1

1

您可能已经被Vaadin 教程所困扰,其中的示例代码,如果您在应用程序中使用它,基本上已经从整体等式中删除了您的 antmatchers 和 http 配置属性。

问题出在类 ConfigureUIServiceInitListener.java

 private void beforeEnter(BeforeEnterEvent event) {
    if (!LoginView.class.equals(event.getNavigationTarget()) // 
        && !SecurityUtils.isUserLoggedIn()) { // 
        event.rerouteTo(LoginView.class); // 
    }
}

在尝试使注册页面正常工作时,我遇到了类似的问题。所有未经授权的请求都被重定向到登录 url。如果您接受了他们的建议并使用它来保护 Vaadin 登录,那么您所做的任何事情都无法改变这一点,除非您在课程的此方法中执行此类操作:

   private void beforeEnter(BeforeEnterEvent event) {
        if (!LoginView.class.equals(event.getNavigationTarget()) && !**RegisterView.class.equals**(event.getNavigationTarget())//
                && !SecurityUtils.isUserLoggedIn()) { //
            event.rerouteTo(LoginView.class); // 
        }
    }

显然,我们的用例略有不同。但这是您必须创建异常情况的地方,否则 beforeEnter 方法将只允许经过身份验证的请求访问内部框架事件。除了 LoginView 之外的任何内容都将被重定向到 /login。您所有试图通过 Spring Security 来允许尚未经过身份验证的用户访问您的 url 的尝试都将徒劳无功!

这非常烦人,因为必须配置 http 安全性,然后确保他们在此方法中添加了任何新异常。

于 2020-07-11T21:06:11.470 回答