2016-12-26 195 views

Spring Security redirect 404 error

I use Spring Boot security as the ACL for my RESTful service. The security adapter is as follows:

@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
@EnableRedisHttpSession 
@Order(2) 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 

    @Autowired 
    private MyUserDetailsService userDetailsService; 


    @Bean 
    public HttpSessionStrategy httpSessionStrategy() { 
     return new HeaderHttpSessionStrategy(); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
       .httpBasic() 
       .and().csrf().disable() 
       .authorizeRequests() 
       .anyRequest().authenticated() 
       .and().userDetailsService(userDetailsService); 
    } 
} 

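UserDetailsService:

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    Yuangong yuangong = yuangongService.getYuangongByNo(username).getData();

    // An unknown user must raise UsernameNotFoundException rather than a NullPointerException
    if (yuangong == null) {
        throw new UsernameNotFoundException(username);
    }

    List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<SimpleGrantedAuthority>();

    // Every authenticated user is granted the same single role
    grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ALL"));

    return new User(yuangong.getNo(), yuangong.getPassword(), grantedAuthorities);
}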

The endpoints are annotated with @RestController, like:

@RestController
@RequestMapping(path = "/bumen")
public class BumenEndpoint {
    // @PermitAll
    @PreAuthorize("hasRole('ROLE_ALL')")
    @RequestMapping(path = "/getBumenTreeList", method = RequestMethod.GET)
    public HttpResult<List<Map<String, Object>>> getBumenTreeData(Principal principal) {
        System.out.println(principal.getName());
        return new HttpResult(bumenService.getBumenTreeList());
    }
}

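If I use @PermitAll on the endpoint method, it works fine and returns the correct JSON response. If I use @PreAuthorize("hasRole('ROLE_ALL')"), it passes auth and I can debug into the method, but the response is redirected to "/bumen/bumen/getBumenTreeList" (double '/bumen') with a 404 error. If I do not implement BumenEndpoint, there is no redirect and the correct response is returned.

I'm not sure which part causes the redirect.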


What is 'HttpResult'? – chaoluo

Answers