Spring Security allow all requests -

-

i need develop rest application base auth. use java-base configuration , have security class

@configuration @enablewebsecurity public class securityconfig extends websecurityconfigureradapter {      @autowired     public void configureglobal(authenticationmanagerbuilder auth) throws exception {         auth.inmemoryauthentication().withuser("admin").password("123456").roles("admin");     }      @override     protected void configure(httpsecurity http) throws exception {         http.authorizerequests().anyrequest().denyall();     } }

also see security filter added 

[org.springframework.security.web.defaultsecurityfilterchain] (serverservice thread pool -- 59) creating filter chain: org.springframework.security.web.util.matcher.anyrequestmatcher@1, [org.springframework.security.web.context.request.async.webasyncmanagerintegrationfilter@5601cb02, org.springframework.security.web.context.securitycontextpersistencefilter@3be5386f, org.springframework.security.web.header.headerwriterfilter@218c240d, org.springframework.security.web.csrf.csrffilter@46b36d4, org.springframework.security.web.authentication.logout.logoutfilter@d0f92f5, org.springframework.security.web.savedrequest.requestcacheawarefilter@23004472, org.springframework.security.web.servletapi.securitycontextholderawarerequestfilter@57a57f43, org.springframework.security.web.authentication.anonymousauthenticationfilter@42b44dda, org.springframework.security.web.session.sessionmanagementfilter@3a81a7cd, org.springframework.security.web.access.exceptiontranslationfilter@53e708c7, org.springframework.security.web.access.intercept.filtersecurityinterceptor@66a7dab9]

but when connect controller browser have code 

authentication auth = securitycontextholder.getcontext().getauthentication(); string name = auth.getname(); //get logged in username

i have npe, because auth null. understand spring security must decline requests urls before method executions. can tell me mistake?

try with

.authorizerequests().anyrequest().authenticated()

if problem persists think may due anonymousauthenticationfilter puts anonymoustoken in securitycontextholder. in case need disable filter anonymous().disable() or use rolevoter.

.authorizerequests().antmatchers("/*").hasrole("admin")

update: doubt, sure app taking configuration securityconfig?. spring documentation have this:

public class mvcwebapplicationinitializer extends abstractannotationconfigdispatcherservletinitializer {      @override     protected class<?>[] getrootconfigclasses() {         return new class[] { securityconfig.class };     }      // ... other overrides ... }

i don't know if @configuration works in websecurityconfigureradapter


Comments

Post a Comment

Popular posts from this blog

matlab - error with cyclic autocorrelation function -

-
Image
i'm trying code cyclic autocorrelation function in matlab follows: t=0:(n-1); t=t*te; i_alpha=0; tau=-n2*te:te:n2*te; alpha=-1/2:1/n:1/2; ryy_cl=zeros(length(alpha),length(tau)); alpha=alpha/te ind_tau=0; i_alpha=i_alpha+1; k=tau ind_tau=ind_tau+1; if k>0 % ryy_cl(i_alpha,ind_tau)=1/length(sig_bin_syl_mod(1:end- k))*sum((sig_bin_syl_mod(1:end-k)).*sig_bin_syl_mod(k+1:end)).*exp(1i*2*pi*alpha*t(1+k:length(sig_bin_syl_mod(1:end)))); ryy_cl(i_alpha,ind_tau)=(1/n)*sum((sig_bin_syl_mod(1:end-k)).*sig_bin_syl_mod(k+1:end)).*exp(-1i*2*pi*alpha*t(1:end-k)); else ryy_cl(i_alpha,ind_tau)=(1/n)*sum((sig_bin_syl_mod(1-k:end)).*sig_bin_syl_mod(1:end+k)).*exp(-1i*2*pi*alpha*t(1-k:end)); end end end i'm getting errors, , doesn't show expecting. according below formulae, how can fix it? the code provided incomplete, difficult confidently reproduce error. in particular, haven't de...
Read more

django - (fields.E300) Field defines a relation with model 'AbstractEmailUser' which is either not installed, or is abstract -

-
i trying create customuser django project email username , add radio button truck , company. in registration process email-id registered per truck or company. mentioned radio button 'tag' , add manytomany field tag in emailuser model. when makemigrations, raising error : (fields.e300) field defines relation model 'abstractemailuser' either not installed, or abstract. i quite new django , not sure whether have created correct code wants. please me solving this. here code, models.py: import django django.contrib.auth.models import ( abstractbaseuser, baseusermanager, permissionsmixin) django.core.mail import send_mail django.db import models django.utils import timezone django.utils.translation import ugettext_lazy _ class emailusermanager(baseusermanager): """custom manager emailuser.""" def _create_user(self, email, password, is_staff, is_superuser, **extra_fields): """create , save emailus...
Read more

c# - What is a good .Net RefEdit control to use with ExcelDna? -

-
i using exceldna , c# build suite of tools. part of forms i'd want user select cells/ranges workbook. i've got application.inputbox route working...but doesn't cool... i haven't read many things excel's refedit control, , see many have in past written workarounds, in (shudder) vba or vb.net. however, none of these seem recent... best approach/control refedit functionality on form run via exceldna (if applicable)? the refedit sample project of github explores different ways of dealing threading when showing form excel add-in, main issue making refedit control .net add-in. check page links various other implementations: https://github.com/excel-dna/exceldna/wiki/links-about-refedit
Read more