вот моя конфигурация безопасности:
package uz.smartup.academy.bloggingplatform.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import javax.sql.DataSource;
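/**
 * Spring Security setup for the blogging platform: bcrypt password hashing,
 * JDBC-backed user lookup, and the HTTP authorization rules with form login,
 * logout and HTTP Basic.
 */
@Configuration
public class SecurityConfiguration {

    /**
     * Provides the password encoder used to hash and verify credentials.
     *
     * @return a {@link BCryptPasswordEncoder} with its default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        // The password column read by userDetailsManager() must therefore hold bcrypt hashes.
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the JDBC user store with custom lookup queries.
     *
     * @param dataSource the data source the queries run against
     * @return a manager that reads users from {@code user} and authorities from {@code role}
     */
    @Bean
    public UserDetailsManager userDetailsManager(DataSource dataSource) {
        JdbcUserDetailsManager detailsManager = new JdbcUserDetailsManager(dataSource);
        // Both queries bind the username through a "?" placeholder, never by concatenation.
        // NOTE(review): "user" is a reserved word in several SQL dialects; confirm the
        // target database accepts it unquoted.
        detailsManager.setUsersByUsernameQuery(
                "SELECT username, password, enabled FROM user WHERE username = ?");
        // hasRole("ADMIN") below checks for the authority "ROLE_ADMIN", so the role column
        // presumably stores the prefixed value; verify against the data.
        detailsManager.setAuthoritiesByUsernameQuery(
                "SELECT username, role FROM role WHERE username = ?");
        return detailsManager;
    }

    /**
     * Defines which requests are public, which need the ADMIN role and which need
     * any authenticated user, then configures form login, logout and HTTP Basic.
     *
     * @param http the builder supplied by Spring Security
     * @return the assembled filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(
                authorize -> authorize
                        // The admin area is restricted for every HTTP method and every path
                        // depth. Matching only GET on "/admin/*" left POST/PUT/DELETE and
                        // deeper paths to the anyRequest() rule, i.e. open to any
                        // authenticated user regardless of role.
                        .requestMatchers("/admin", "/admin/**").hasRole("ADMIN")
                        .requestMatchers(HttpMethod.GET, "/", "/posts/*", "/profile/*", "/categories/*").permitAll()
                        // NOTE(review): anonymous POST to /profile/* is allowed here; confirm
                        // the handlers behind it authorize the caller themselves.
                        .requestMatchers(HttpMethod.POST, "/profile/*").permitAll()
                        .requestMatchers(HttpMethod.GET, "/css/**", "/js/**", "/photos/**").permitAll()
                        .anyRequest().authenticated())
                .formLogin(
                        form -> form.loginPage("/login")
                                .loginProcessingUrl("/authenticate")
                                // "true" always redirects to "/" after login instead of the
                                // originally requested page.
                                .defaultSuccessUrl("/", true)
                                .permitAll())
                .logout(
                        logout -> logout.logoutUrl("/logout")
                                .logoutSuccessUrl("/")
                                .permitAll());

        // NOTE(review): CSRF protection is switched off while authentication relies on a
        // session cookie (form login), so state-changing requests from other origins are
        // not rejected. Left as the author wrote it because the login and logout forms may
        // not send a token; re-enable it once they do.
        http.csrf(AbstractHttpConfigurer::disable);
        http.httpBasic(Customizer.withDefaults());
        return http.build();
    }
}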
2024-07-06T23:19:21.944+05:00 DEBUG 4448 --- [bloggingplatform] [nio-8080-exec-2] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@75a4ae9e, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]
2024-07-06T23:19:21.948+05:00 DEBUG 4448 --- [bloggingplatform] [nio-8080-exec-2] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@76192bf1
2024-07-06T23:19:21.949+05:00 DEBUG 4448 --- [bloggingplatform] [nio-8080-exec-2] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login
2024-07-06T23:19:21.960+05:00 DEBUG 4448 --- [bloggingplatform] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /login
2024-07-06T23:19:21.960+05:00 DEBUG 4448 --- [bloggingplatform] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Secured GET /login
2024-07-06T23:19:21.977+05:00 DEBUG 4448 --- [bloggingplatform] [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext