Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java spring安全性angularjs 403

8 月,3 周 Questions & Answers

我正在尝试向angularjs应用程序添加spring安全性。以下是关于使用spring security保护单页应用程序的教程:

https://spring.io/blog/2015/01/12/the-login-page-angular-js-and-spring-security-part-ii

不同之处在于,我不是在使用SpringBoot,而是在使用SpringMVC。我想我添加了我需要的所有内容,但由于某种原因,在键入inMemory凭据后,我得到了403禁止

以下是我的spring安全配置:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    System.out.println("initTT");
    auth
        .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
}

@Override
protected void configure(HttpSecurity http) throws Exception {

  http
    .httpBasic()
  .and()
    .authorizeRequests()
      .antMatchers("/user").hasRole("USER")
      .anyRequest().authenticated()
   .and()
   .csrf().disable();
}


 @Override
  public void configure(WebSecurity web) throws Exception {
    web
      .ignoring()
         .antMatchers("/app/**"); 
  }

private CsrfTokenRepository csrfTokenRepository() {
      HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
      repository.setHeaderName("X-XSRF-TOKEN");
      return repository;
    }

}

我使用了教程中的authenicate()函数,并将其添加到我的应用程序中。js文件:

coursesApp.controller('loginController', function($rootScope, $scope, $http, $location) {


      var authenticate = function(credentials, callback) {
        var headers = credentials ? {authorization : "Basic "
            + btoa(credentials.username + ":" + credentials.password)
        } : {};


       console.log(headers);
        $http.get('/basic-web-app/user', {headers : headers}).success(function(data) {
          if (data.name) {
            $rootScope.authenticated = true;
          } else {
            $rootScope.authenticated = false;
          }
          callback && callback();
        }).error(function() {
          $rootScope.authenticated = false;
          callback && callback();
        });

      }

      authenticate();
      $scope.credentials = {};
      $scope.login = function() {
          console.log("login clicked!!!!!!!");
          authenticate($scope.credentials, function() {
            if ($rootScope.authenticated) {
              console.log("authenticated");
              $location.path("/");
              $scope.error = false;
            } else {
              console.log("not authenticated");
              $location.path("/login");
              $scope.error = true;
            }
          });
      };
    });

我有UserController和 /使用者 端点,如教程中所述。我正在用这个扫描包裹

 <context:component-scan base-package="com.courses.portal.controllers"/>

enter image description here

我还附上了chrome控制台的屏幕截图,以明确我在做什么:

网络。xml文件:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="
        http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring/business-config.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>


    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

</web-app>

mvc调度程序servlet。xml

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">
    <context:component-scan base-package="com.courses.portal.controllers"/>

    <mvc:resources mapping="/app/**" location="/app/build/"/>

    <mvc:annotation-driven/>

    <bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/jsp/"/>
        <property name="suffix" value=".jsp"/>
    </bean>

    <security:global-method-security pre-post-annotations="enabled">
        <security:protect-pointcut expression="execution(* com.courses.portal.controllers.*.*(..))"
                                   access="ROLE_USER"/>
    </security:global-method-security>


</beans>

对不起,如果这是一个常见的问题,但我试图找到任何有用的网站上发布之前。谢谢大家!


共 (1) 个答案

  1. # 1 楼答案

    我猜(你还没有真正发布所有代码)是/basic web app是一个上下文根,这是一个servlet API构造-如果你要创建绝对路径,你需要在客户端中使用它,但它不知道servlet,但是Spring Security是基于servlet的,因此它不需要前缀(我注意到您从静态资源的/app/**配置中删除了前缀)。尝试从安全配置路径中删除前缀