У меня возникла проблема с конфигурацией Spring Security в приложении Spring Boot. Мой класс WebSecurityConfig настроен на обработку различных разрешений и конфигураций конечных точек. Проблема, похоже, связана либо с циклической зависимостью, либо с проблемой инициализации bean-компонента.
Я попытался зарегистрировать AuthController.java, но проблема может быть в конфигурации, поскольку ранее она работала.
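/**
 * Spring Security configuration for the application: declares the HTTP filter chain
 * (logout handling, endpoint permissions, REST authentication entry point) and the
 * supporting beans (password encoder, authentication manager, CORS source, logout
 * collaborators).
 *
 * <p>NOTE(review): this class both <em>consumes</em> {@code UserDetailsServiceImpl} through
 * its constructor and <em>produces</em> {@link PasswordEncoder} and
 * {@link AuthenticationManager}. If {@code UserDetailsServiceImpl}, {@code HazelcastCache}
 * or {@code LogRepository} (or anything they depend on) injects one of those beans, the
 * container needs this configuration instance to build them and needs them to build this
 * instance, which is a bean cycle. Confirm against the startup stack trace; the usual
 * remedies are to declare the self-contained factory methods {@code static} or to move
 * them into a separate {@code @Configuration} class without constructor dependencies.
 */
@EnableWebSecurity
@Configuration
@EnableMethodSecurity(
        securedEnabled = true,
        jsr250Enabled = true,
        prePostEnabled = true
)
public class WebSecurityConfig {

    // NOTE(review): injected but not referenced anywhere in this class as shown; if it is
    // not needed here, dropping it removes one edge from the dependency graph.
    private final UserDetailsServiceImpl userDetailsService;
    private final LogRepository logRepository;
    private final HazelcastInstance hazelcastInstance;
    private final HazelcastCache hazelcastCache;

    /**
     * Receives the collaborators needed to build the logout beans.
     *
     * @param userDetailsService application user lookup service (stored, unused in this class)
     * @param logRepository repository handed to {@link LogoutSuccess}
     * @param hazelcastInstance the Hazelcast instance registered as {@code hazelcast-client}
     * @param hazelcastCache cache wrapper handed to {@link CustomLogoutHandler}
     */
    @Autowired
    public WebSecurityConfig(UserDetailsServiceImpl userDetailsService,
                             LogRepository logRepository,
                             @Qualifier("hazelcast-client") HazelcastInstance hazelcastInstance,
                             HazelcastCache hazelcastCache) {
        this.userDetailsService = userDetailsService;
        this.logRepository = logRepository;
        this.hazelcastInstance = hazelcastInstance;
        this.hazelcastCache = hazelcastCache;
    }

    /**
     * Provides the password hashing strategy.
     *
     * @return a BCrypt encoder using the library's default cost
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the security filter chain: logout behaviour, the REST authentication entry
     * point and the per-path authorization rules. Rules are evaluated in declaration
     * order and the first match wins, so every {@code permitAll()} rule must stay above
     * the final {@code anyRequest().authenticated()}.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .logout(logout -> logout
                        // NOTE(review): this matcher has no HTTP method restriction, so any
                        // method (including GET) on /logout ends the session. Restricting it
                        // to POST is the usual hardening.
                        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                        .addLogoutHandler(customLogoutHandler())
                        .logoutSuccessHandler(logoutSuccess())
                        // Was configured twice in the original; once is sufficient.
                        .invalidateHttpSession(true)
                        .deleteCookies("JSESSIONID", "SESSION")
                        // Per the LogoutConfigurer contract this URL is ignored while a
                        // logoutSuccessHandler is set; kept to preserve existing behaviour.
                        .logoutSuccessUrl("/")
                        .permitAll()
                )
                .httpBasic(AbstractHttpConfigurer::disable)
                .exceptionHandling(exceptionHandling -> exceptionHandling
                        .authenticationEntryPoint(new RestAuthenticationEntryPoint())
                )
                .authorizeHttpRequests(authorize -> authorize
                        // Includes /two-factor-auth and /verify-2fa, so they need no
                        // separate rule further down.
                        .requestMatchers(getPublicResources()).permitAll()
                        // The original followed this with a second permitAll() list
                        // ("/alerts/token", "/alerts/initial", "/css/*", ...) whose every
                        // entry is already covered by a "/**" pattern here; it was removed
                        // as unreachable.
                        // NOTE(review): "/alerts/**" and "/alertstream/**" are open to
                        // anonymous callers, which includes "/alerts/token". Confirm that
                        // nothing under these prefixes returns data or credentials that
                        // should require a login.
                        .requestMatchers("/css/**", "/js/**", "/images/**", "/webjars/**",
                                "/favicon.ico", "/img/**", "/alerts/**", "/alertstream/**").permitAll()
                        // Redundant with anyRequest() below but kept to state intent.
                        // "/users/**" also covers the former "/users/*" rule.
                        .requestMatchers("/profile/edit").authenticated()
                        .requestMatchers("/users/**").authenticated()
                        .anyRequest().authenticated()
                )
                // NOTE(review): CSRF protection is off while logout clears the JSESSIONID
                // and SESSION cookies, which suggests cookie-backed sessions. If browsers
                // authenticate with those cookies, state-changing endpoints have no CSRF
                // defence; keep this disabled only if every client authenticates with a
                // non-ambient credential (e.g. a header token) - confirm.
                .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring Security so other
     * components can inject it.
     *
     * @param authenticationConfiguration Spring Security's authentication configuration
     * @return the shared authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Declares the CORS policy applied to every path.
     *
     * <p>NOTE(review): a browser's {@code Origin} header always carries a scheme, so the
     * entries {@code "127.0.0.1"} and {@code "127.0.0.1:8080"} can never match; presumably
     * {@code "http://127.0.0.1:8080"} was intended - confirm before changing the list.
     * The filter chain in this class does not call {@code http.cors(...)}; whether this
     * source is consulted depends on how CORS is enabled elsewhere - verify.
     *
     * @return the CORS configuration source registered for {@code /**}
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(List.of("127.0.0.1", "127.0.0.1:8080", "http://127.0.0.1", "http://127.0.0.1/"));
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        source.registerCorsConfiguration("/**", config);
        return source;
    }

    /**
     * Creates the logout handler that receives the Hazelcast cache and client instance.
     *
     * @return the handler invoked during logout
     */
    @Bean
    public CustomLogoutHandler customLogoutHandler() {
        return new CustomLogoutHandler(hazelcastCache, hazelcastInstance);
    }

    /**
     * Creates the logout success handler backed by the log repository.
     *
     * @return the handler invoked after a successful logout
     */
    @Bean
    public LogoutSuccess logoutSuccess() {
        return new LogoutSuccess(logRepository);
    }

    /**
     * Lists the paths reachable without authentication. Most static-asset patterns use
     * single-segment {@code *} wildcards, so they match a fixed depth only.
     *
     * @return path patterns passed to {@code permitAll()}
     */
    private String[] getPublicResources() {
        return new String[]{"/", "/css/*", "/email_templates", "/font-awesome/*/*",
                "/fonts/*", "/img/*/*", "/js/*/*", "/locales/*", "/alerts/*/*", "/pdf/*", "/index", "/login", "/forgot", "/two-factor-auth", "/verify-2fa", "/lost-device"};
    }
}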
Софон
Вопрос задан 10 февраля 2024 г.