这是这个问题的后续问题。
我将我的 Vaadin 20 应用程序迁移到 21 以使用基于视图的访问控制。注释@PermitAll
和@AnonymousAllowed
工作正常。但是,当我尝试将路由限制为特定用户角色时,@RolesAllowed
我无法访问此站点(使用具有此角色的用户登录)。是否需要一些特殊代码才能让 Vaadin 识别我经过身份验证的用户的角色?
角色限制页面:
@Component
@Route(value = "admin", layout = MainLayout.class, absolute = true)
@RolesAllowed("admin")
@UIScope
public class AdminView ...
安全配置
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends VaadinWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
setLoginView(http, LoginView.class, "/login");
}
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
web.ignoring().antMatchers("/images/**");
}
}