
WebSocket connection requests are intercepted by Spring Security and WebSocket cannot connect

2021-06-16 20:05:19  Views: 644  Source: Internet

Tags: WebSocket configure Spring void antMatchers public Security connection httpSecurity


When Spring Security is used, it intercepts WebSocket connections by default.

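In a recent project I used Spring Security for authentication filtering, and later found that while intercepting HTTP it also intercepted WebSocket, so the WebSocket could not connect. I tried various approaches, including various settings in

configure(HttpSecurity httpSecurity)
but none of them worked. After more attempts I finally found that setting it in
void configure(WebSecurity webSecurity) is enough: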
@Override
public void configure(WebSecurity webSecurity) {
    webSecurity.ignoring().antMatchers(
            "/ws/**"
    );
}

 

Complete code:

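import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
// RestfulAccessDeniedHandler, RestAuthenticationEntryPoint, JwtAuthenticationTokenFilter and
// PhotovoltaicUserDetailsService are the project's own classes; import them from their packages.

@Configuration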
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailService;

    @Autowired
    private RestfulAccessDeniedHandler restfulAccessDeniedHandler;
    @Autowired
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
    
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        //super.configure(http);
        httpSecurity.csrf() // JWT is used, so CSRF protection is not needed here
                .disable()
//                .sessionManagement() // token-based, so no session is needed
//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                .and()

                .authorizeRequests()
                .antMatchers(HttpMethod.GET, // allow unauthenticated access to the site's static resources
                        "/",
                        "/*.html",
                        "/favicon.ico",
                        "/**/*.html",
                        "/**/*.css",
                        "/**/*.js",
                        "/***/**/*.html",
                        "/***/**/*.css",
                        "/***/**/*.js",
                        "/swagger-resources/**",
                        "/v2/api-docs/**",
                        "/**/FAQ",
                        "/**/pmq/public"
                )
                .permitAll()
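                .antMatchers("/user/login", "/task/optional_data_info") // login and registration must allow anonymous access
                .permitAll()
                .antMatchers(HttpMethod.OPTIONS) // cross-origin requests send an OPTIONS request first
                .permitAll()
                //        .antMatchers("/**") // allow all access during testing
                //        .permitAll()
                .anyRequest() // every request other than the ones above requires authentication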
                .authenticated();
        // Disable caching
        httpSecurity.headers().cacheControl();

        // Add the JWT filter
        httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
        // Add custom responses for unauthorized and not-logged-in requests
        httpSecurity.exceptionHandling()
                .accessDeniedHandler(restfulAccessDeniedHandler)
                .authenticationEntryPoint(restAuthenticationEntryPoint);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //super.configure(auth);
        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }

    // Exclude WebSocket from Spring Security interception
    @Override
    public void configure(WebSecurity webSecurity){
        webSecurity.ignoring().antMatchers(
                "/ws/**"
        );
    }


    @Bean
    public UserDetailsService userDetailsService()
    {
        return new PhotovoltaicUserDetailsService();
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(){
        return new JwtAuthenticationTokenFilter();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}
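Because `webSecurity.ignoring()` takes `/ws/**` out of the Spring Security filter chain entirely, the JWT filter registered above never runs on the WebSocket handshake, so any client can open the socket unless the handshake is authenticated some other way. One way to do that with a Spring `HandshakeInterceptor`, as an added example that is not code from the original post: the `TokenVerifier` interface, the `token` query parameter, the injected handler bean and the allowed origin are assumptions.

```java
import java.util.Map;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.socket.WebSocketHandler;
import org.springframework.web.socket.config.annotation.EnableWebSocket;
import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;
import org.springframework.web.socket.server.HandshakeInterceptor;
import org.springframework.web.util.UriComponentsBuilder;

@Configuration
@EnableWebSocket
public class WsAuthConfig implements WebSocketConfigurer {
    // Hypothetical wrapper around the project's JWT validation: returns the username, or null if invalid.
    public interface TokenVerifier { String verify(String jwt); }
    private final TokenVerifier verifier;
    private final WebSocketHandler handler; // the application's own handler bean (assumed)
    public WsAuthConfig(TokenVerifier verifier, WebSocketHandler handler) {
        this.verifier = verifier;
        this.handler = handler;
    }

    @Override
    public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
        registry.addHandler(handler, "/ws/**")
                .addInterceptors(new JwtHandshakeInterceptor())
                .setAllowedOrigins("https://app.example.com"); // placeholder origin
    }
    class JwtHandshakeInterceptor implements HandshakeInterceptor {
        @Override
        public boolean beforeHandshake(ServerHttpRequest req, ServerHttpResponse res,
                                       WebSocketHandler wsHandler, Map<String, Object> attrs) {
            String token = UriComponentsBuilder.fromUri(req.getURI()).build()
                    .getQueryParams().getFirst("token"); // assumed parameter name
            String user = (token == null) ? null : verifier.verify(token);
            if (user == null) {
                res.setStatusCode(HttpStatus.UNAUTHORIZED); // refuse the upgrade
                return false;
            }
            attrs.put("user", user); // available later through WebSocketSession.getAttributes()
            return true;
        }
        @Override
        public void afterHandshake(ServerHttpRequest req, ServerHttpResponse res,
                                   WebSocketHandler wsHandler, Exception ex) { }
    }
}
```

A token carried in the query string ends up in access logs and proxies, so it should be short-lived and scoped to the WebSocket connection.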

 

Source: https://blog.csdn.net/luoyongweis/article/details/117965445
