Anonymous
Ошибка 401 Unauthorized в браузере при конфигурации Spring Security с JWT
Anonymous » 23 июн 2025, 15:56
Я пытаюсь перенести существующее приложение со Spring Boot 2.7.3 на 3.2.4. Приложение использует JHipster для генерации UI. Я переписал все настройки SecurityFilterChain под новые требования Spring Boot 3, но когда я пытаюсь открыть URL http://localhost:8080/, я получаю ошибку 401 (Unauthorized).
Мой класс конфигурации безопасности выглядит так:
package com.gtt.cv.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
import org.springframework.web.filter.CorsFilter;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
import com.gtt.cv.security.AuthoritiesConstants;
import com.gtt.cv.security.jwt.JWTConfigurer;
import com.gtt.cv.security.jwt.TokenProvider;
import tech.jhipster.config.JHipsterProperties;
/**
 * Spring Security configuration for the application: declares the password encoder bean and
 * the single {@link SecurityFilterChain}.
 *
 * <p>As written, the chain disables CSRF protection, never creates an HTTP session
 * ({@code SessionCreationPolicy.STATELESS}), enables HTTP Basic, and applies a
 * {@link JWTConfigurer} built from the injected {@link TokenProvider}. Authentication and
 * access-denied failures are both delegated to {@link SecurityProblemSupport}.
 */
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
@Configuration
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration {
// Source of the Content-Security-Policy directives used in filterChain().
private final JHipsterProperties jHipsterProperties;
// Handed to the JWTConfigurer created in securityConfigurerAdapter().
private final TokenProvider tokenProvider;
// Registered ahead of UsernamePasswordAuthenticationFilter in filterChain().
private final CorsFilter corsFilter;
// Used as authentication entry point and access-denied handler.
private final SecurityProblemSupport problemSupport;
/**
 * Stores the collaborators injected by Spring; no other work is done here.
 */
public SecurityConfiguration(TokenProvider tokenProvider, CorsFilter corsFilter, JHipsterProperties jHipsterProperties, SecurityProblemSupport problemSupport) {
this.tokenProvider = tokenProvider;
this.corsFilter = corsFilter;
this.problemSupport = problemSupport;
this.jHipsterProperties = jHipsterProperties;
}
/**
 * Exposes the Argon2 password encoder used by the application.
 *
 * <p>NOTE(review): in Spring Security 5.8+ the five-argument constructor is, as far as I know,
 * (saltLength, hashLength, parallelism, memory, iterations) with memory expressed in KiB;
 * confirm against the version in use. Read that way, 1024 means about 1 MiB of memory per hash,
 * which is far below the framework's own preset
 * ({@code Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8()}) and makes offline guessing
 * cheaper than it needs to be. If these values were carried over from the pre-migration code,
 * also check that the argument order still means what it meant there.
 */
@Bean
public Argon2PasswordEncoder passwordEncoder() {
return new Argon2PasswordEncoder(64, 512, 2, 1024, 4);
}
/**
 * Builds the application's security filter chain.
 *
 * @param httpsSecurity the builder supplied by Spring Security
 * @return the built chain
 * @throws Exception if the builder fails to configure or build the chain
 */
@Bean
public SecurityFilterChain filterChain(HttpSecurity httpsSecurity) throws Exception {
// CSRF protection is switched off. That is only safe while no credential is attached to
// requests automatically by the browser. NOTE(review): HTTP Basic is enabled further down,
// and browsers replay cached Basic credentials on their own, so confirm Basic is really needed.
httpsSecurity.csrf(csrf -> csrf.disable())
.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling((exception) -> exception.authenticationEntryPoint(problemSupport).accessDeniedHandler(problemSupport))
.headers(headers -> headers.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin())
// reportOnly() sends the policy in report-only mode: violations are reported by the browser
// but nothing is blocked, so this header gives no protection against script injection.
.contentSecurityPolicy(contentSecurityPolicyConfig -> contentSecurityPolicyConfig.policyDirectives(jHipsterProperties.getSecurity().getContentSecurityPolicy()).reportOnly())
.referrerPolicy(referralPolicyConfig -> referralPolicyConfig.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN))
.permissionsPolicy(permissionsPolicyConfig -> permissionsPolicyConfig.policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")))
.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// Rules are evaluated in declaration order and the first match decides, so the specific
// "/api/admin/**" and "/management/health" rules must stay above their catch-all siblings.
// There is no anyRequest() rule: with authorizeHttpRequests a request that matches none of
// the matchers below is denied. NOTE(review): only "/" itself is permitted; if "/" is served
// by forwarding to a static page such as /index.html, that forwarded path is not listed here
// and would be rejected for anonymous users. Confirm whether this explains the 401, and
// permit exactly the static resources the UI needs rather than adding a broad permitAll().
.authorizeHttpRequests(auth -> auth.requestMatchers("/").permitAll()
// Lets CORS preflight requests through without credentials.
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
// NOTE(review): "**" in the middle of a pattern is Ant-style syntax; Spring 6 MVC uses
// PathPatternParser by default, which may reject or not match it. Verify this rule is effective.
.requestMatchers("/app/**/*.{js,html}").permitAll()
.requestMatchers("/i18n/**").permitAll()
.requestMatchers("/content/**").permitAll()
// NOTE(review): API documentation is public; confirm that is intended outside development.
.requestMatchers("/swagger-ui/**").permitAll()
// NOTE(review): everything under /test/ is public; confirm no test-only endpoints ship to production.
.requestMatchers("/test/**").permitAll()
.requestMatchers("/api/authenticate").permitAll()
.requestMatchers("/api/register").permitAll()
.requestMatchers("/api/activate").permitAll()
.requestMatchers("/api/account/reset-password/init").permitAll()
.requestMatchers("/api/account/reset-password/finish").permitAll()
.requestMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
.requestMatchers("/api/**").authenticated()
.requestMatchers("/management/health").permitAll()
.requestMatchers("/management/health/**").permitAll()
.requestMatchers("/management/info").permitAll()
// NOTE(review): metrics are readable without authentication; restrict by network or require
// a credential if the endpoint is reachable from outside the monitoring network.
.requestMatchers("/management/prometheus").permitAll()
.requestMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN))
// Enables HTTP Basic in addition to the JWT filter, reusing problemSupport for its 401 response.
.httpBasic(basic -> basic.authenticationEntryPoint(problemSupport))
// Applies the JWTConfigurer; the customizer only calls its withDefaults(), which does nothing.
.with(securityConfigurerAdapter(), customizer -> customizer.withDefaults());
return httpsSecurity.build();
}
/**
 * Creates the configurer that installs the JWT filter, bound to the injected token provider.
 */
private JWTConfigurer securityConfigurerAdapter() {
return new JWTConfigurer(tokenProvider);
}
}
Класс JWTConfigurer:
package com.gtt.cv.security.jwt;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
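/**
 * Security configurer that installs a {@link JWTFilter} into the filter chain.
 *
 * <p>The type arguments on {@link SecurityConfigurerAdapter} are required: against the raw
 * supertype, {@code configure(HttpSecurity)} does not override the inherited method, so the
 * {@code @Override} below would not compile and the filter would never be registered. The
 * listing this class came from had lost them (the file still imports
 * {@code DefaultSecurityFilterChain}, which is otherwise unused).
 */
public class JWTConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

    // Passed to every JWTFilter this configurer creates.
    private final TokenProvider tokenProvider;

    /**
     * @param tokenProvider the provider handed to the JWT filter
     */
    public JWTConfigurer(TokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }

    /**
     * Registers a new {@link JWTFilter} ahead of {@link UsernamePasswordAuthenticationFilter}.
     *
     * <p>NOTE(review): what the filter does with a missing or invalid token is not visible here;
     * confirm it leaves the request unauthenticated rather than failing open.
     *
     * @param httpSecurity the builder the filter is added to
     */
    @Override
    public void configure(HttpSecurity httpSecurity) {
        JWTFilter customFilter = new JWTFilter(tokenProvider);
        httpSecurity.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Intentionally does nothing. It exists so that callers can write
     * {@code http.with(configurer, c -> c.withDefaults())}; Spring Security's own
     * {@code Customizer.withDefaults()} expresses the same "no extra customisation" intent.
     */
    public void withDefaults() {
    }
}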
Я предполагаю, что мой SecurityFilterChain настроен не идеально, особенно вызов метода with().
Подробнее здесь:
https://stackoverflow.com/questions/796 ... figuration
Я пытаюсь перенести существующее приложение с Springboot 2,7,3 до 3.2.4. Приложение использует Jhipster для генерации UIS. Таким образом, после настройки всех SecurityFilterChain на новые спецификации Springboot 3. Но когда я пытаюсь открыть URL http: // localhost: 8080/, я получаю ошибку: my Security Config Class выглядит как: p> p> p> p> my Security Config Class.[code]package com.gtt.cv.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.argon2.Argon2PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter; import org.springframework.web.filter.CorsFilter; import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport; import com.gtt.cv.security.AuthoritiesConstants; import com.gtt.cv.security.jwt.JWTConfigurer; import com.gtt.cv.security.jwt.TokenProvider; import tech.jhipster.config.JHipsterProperties; @EnableWebSecurity @EnableMethodSecurity(securedEnabled = true, prePostEnabled = true) @Configuration @Import(SecurityProblemSupport.class) public class SecurityConfiguration { private final JHipsterProperties jHipsterProperties; private final TokenProvider tokenProvider; private final CorsFilter corsFilter; private final SecurityProblemSupport problemSupport; public SecurityConfiguration(TokenProvider tokenProvider, 
CorsFilter corsFilter, JHipsterProperties jHipsterProperties, SecurityProblemSupport problemSupport) { this.tokenProvider = tokenProvider; this.corsFilter = corsFilter; this.problemSupport = problemSupport; this.jHipsterProperties = jHipsterProperties; } @Bean public Argon2PasswordEncoder passwordEncoder() { return new Argon2PasswordEncoder(64, 512, 2, 1024, 4); } @Bean public SecurityFilterChain filterChain(HttpSecurity httpsSecurity) throws Exception { httpsSecurity.csrf(csrf -> csrf.disable()) .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class) .exceptionHandling((exception) -> exception.authenticationEntryPoint(problemSupport).accessDeniedHandler(problemSupport)) .headers(headers -> headers.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin()) .contentSecurityPolicy(contentSecurityPolicyConfig -> contentSecurityPolicyConfig.policyDirectives(jHipsterProperties.getSecurity().getContentSecurityPolicy()).reportOnly()) .referrerPolicy(referralPolicyConfig -> referralPolicyConfig.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)) .permissionsPolicy(permissionsPolicyConfig -> permissionsPolicyConfig.policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()"))) .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(auth -> auth.requestMatchers("/").permitAll() .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() .requestMatchers("/app/**/*.{js,html}").permitAll() .requestMatchers("/i18n/**").permitAll() .requestMatchers("/content/**").permitAll() .requestMatchers("/swagger-ui/**").permitAll() .requestMatchers("/test/**").permitAll() .requestMatchers("/api/authenticate").permitAll() .requestMatchers("/api/register").permitAll() .requestMatchers("/api/activate").permitAll() .requestMatchers("/api/account/reset-password/init").permitAll() 
.requestMatchers("/api/account/reset-password/finish").permitAll() .requestMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN) .requestMatchers("/api/**").authenticated() .requestMatchers("/management/health").permitAll() .requestMatchers("/management/health/**").permitAll() .requestMatchers("/management/info").permitAll() .requestMatchers("/management/prometheus").permitAll() .requestMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)) .httpBasic(basic -> basic.authenticationEntryPoint(problemSupport)) .with(securityConfigurerAdapter(), customizer -> customizer.withDefaults()); return httpsSecurity.build(); } private JWTConfigurer securityConfigurerAdapter() { return new JWTConfigurer(tokenProvider); } } < /code> jwtconfigurer class: < /p> package com.gtt.cv.security.jwt; import org.springframework.security.config.annotation.SecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; public class JWTConfigurer extends SecurityConfigurerAdapter { private final TokenProvider tokenProvider; public JWTConfigurer(TokenProvider tokenProvider) { this.tokenProvider = tokenProvider; } @Override public void configure(HttpSecurity httpSecurity) { JWTFilter customFilter = new JWTFilter(tokenProvider); httpSecurity.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class); } public void withDefaults() { } } [/code] Я предполагаю, что мой SecurityFilterChain не идеален, особенно метод с () Подробнее здесь: [url]https://stackoverflow.com/questions/79673633/401-unauthorized-error-on-browser-spring-security-jwt-configuration[/url]