主要原因是 Spring Security 攔截了 swagger 需要訪問的 URL,而且被攔截的不只是 swagger-ui.html 這一個 URL。
查找網上的解決方案沒一個好用的,然後自己在跳轉重定向的方法裏打印了引發跳轉的URL,一個一個試出來的老鐵。累屁了。
話不多說,放圖,配置security配置類即可
成功:
完整配置類代碼:
package com.lw.bpczy.security.config;
import com.lw.bpczy.security.authentication.MyAuthenticationFailureHandler;
import com.lw.bpczy.security.authentication.MyAuthenticationSuccessHandler;
import com.lw.bpczy.security.authorization.MyAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsUtils;
/**
 * Spring Security configuration for the application.
 *
 * <p>Extends {@link WebSecurityConfigurerAdapter} and overrides
 * {@link #configure(HttpSecurity)} to set up form login, the URL authorization
 * rules (including the paths Swagger needs), access-denied handling, CORS and CSRF.
 *
 * @author Liang Shan
 * @date 2019-11-12 10:25
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Registered below as the form-login success handler. */
    @Autowired
    private MyAuthenticationSuccessHandler successHandler;

    /** Registered below as the form-login failure handler. */
    @Autowired
    private MyAuthenticationFailureHandler failureHandler;

    /** Registered below as the handler for denied access. */
    @Autowired
    private MyAccessDeniedHandler accessDeniedHandler;

    /**
     * Exposes the password encoder bean.
     *
     * @return a {@link BCryptPasswordEncoder} created with its no-argument constructor
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Configures the HTTP security rules.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // URLs that are reachable without logging in: the login-required endpoint
        // plus everything Swagger requests (not only swagger-ui.html).
        // NOTE(review): these rules make the Swagger UI and the /v2/api-docs
        // description readable by unauthenticated callers, and "/swagger*" matches
        // any first path segment that starts with "swagger". Consider limiting
        // them to non-production profiles.
        // NOTE(review): the doubled slash in the two wildcard patterns looks like a
        // formatting artifact; it presumably behaves like "/swagger*/**" and
        // "/webjars*/**" - confirm before reusing.
        String[] anonymousPaths = {
            "/needLogin",
            "/swagger*//**",
            "/v2/api-docs",
            "/webjars*//**"
        };

        // Form login: unauthenticated users are sent to /needLogin, credentials are
        // posted to /login, and the outcome goes to the custom handlers.
        http.formLogin()
                .loginPage("/needLogin")
                .loginProcessingUrl("/login").permitAll()
                .successHandler(successHandler)
                .failureHandler(failureHandler);

        // Authorization rules, evaluated in declaration order: public paths first,
        // then CORS pre-flight requests, then everything else is decided by the
        // hasPermission method of the bean named rbacService (defined elsewhere).
        http.authorizeRequests()
                .antMatchers(anonymousPaths).permitAll()
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .anyRequest().access("@rbacService.hasPermission(request,authentication)");

        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);

        // NOTE(review): cors() is enabled without any configuration here, so the
        // allowed origins presumably come from a CORS configuration defined
        // elsewhere - verify that it is not wide open.
        http.cors();

        // NOTE(review): CSRF protection is switched off while form login is enabled.
        // No session policy is set in this class, so if the login state is kept in
        // a session cookie, state-changing requests are accepted without a CSRF
        // token check. Confirm this is intended.
        http.csrf().disable();
    }
}