如何解决禁止使用403-Spring Security
我正在尝试使用Spring安全性来保护我的网站,但是我一直收到https错误。我在网上看到了很多帖子,但没有一个适合我的情况。
我正在使用Springboot构建后端RESTapi,并在Postman中对其进行测试。
我已禁用403 Forbidden,但仍然有http.csrf().disable();。
我可以访问所有用户都允许访问的部分,它也可以识别我是否放置了错误的凭据,但是当我尝试访问只有角色为403 error或ADMIN的用户可以访问的部分时,我立即遇到以下错误
USERSecurityConfiguration.java
{
"timestamp": "2020-08-30T02:08:36.033+00:00","status": 403,"error": "Forbidden","message": "","path": "/secure/auth/addUser"
}
CustomUserDetailsService.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(encodePWD());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/rest/**").permitAll()
.and()
.authorizeRequests()
.antMatchers("/secure/**").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll();
}
@Bean
public BCryptPasswordEncoder encodePWD() {
return new BCryptPasswordEncoder();
}
}
CustomUserDetails.java
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
CustomUserDetails userDetails = null;
if(user != null){
userDetails = new CustomUserDetails();
userDetails.setUser(user);
}else{
throw new UserNotFoundException("User doesn't exist with this username: " + username);
}
return userDetails;
}
}
UserController。 Java
@Getter
@Setter
public class CustomUserDetails implements UserDetails {
private User user;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return user.getRoles().stream().map(role -> new SimpleGrantedAuthority("ROLE_" + role)).collect(Collectors.toSet());
}
@Override
public String getPassword() {
return user.getPassword();
}
@Override
public String getUsername() {
return user.getUsername();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
BookContoller.java
@RequestMapping("/secure/auth/")
public class UserController {
@Autowired
private BCryptPasswordEncoder passwordEncoder;
@PreAuthorize("hasAnyRole('ADMIN')")
//POST method for adding one user
@PostMapping("/addUser")
public User addUser(@RequestBody User user){
String pwd = user.getPassword();
String encriptPwd = passwordEncoder.encode(pwd);
user.setPassword(encriptPwd);
return service.saveUser(user);
}
//other code needed
}
更新
当我使用调试部分代码时
@RestController
@RequestMapping("/rest/auth")
public class BookContoller {
@Autowired
private BookService service;
//GET method display all books
@GetMapping("/books")
public List<Book> findAllBooks(){
return service.getAllBooks();
}
我找回了我用来登录的用户...
return user.getRoles().stream().map(role -> new SimpleGrantedAuthority("ROLE_" + role)).collect(Collectors.toSet());
User.java
User(id=1,name=chad,surname=huskins,username=chad,email=chad.huskins@gmail.com,password=$2a$10$SMH1T6fQ4HqzTAop.XOR/eDlfKzyjSkGGsT/qDCy1JYnncpdkqv32,roles=[Role(id=1,role=ADMIN)])
Role.java
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;
private String name;
private String surname;
private String username;
private String email;
private String password;
//@OneToMany(mappedBy = "user",cascade = CascadeType.ALL)
//private List<Rent> rent = new ArrayList<>();
@OneToMany(cascade = CascadeType.ALL,fetch = FetchType.EAGER)
@JoinTable(name = "user_role",joinColumns = @JoinColumn(name = "user_id"),inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<Role> roles;
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
}
解决方法
使用import subprocess
folderAdd = r"D:\Program Files (x86)\someapp"
print(subprocess.check_output([os.path.join(folderAdd,'someProgram.exe'),os.path.join(folderAdd,'somefile.ext'])
代替new SimpleGrantedAuthority("ROLE_" + role.getRole()))
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。