Spring Security hasIpAddress 导致错误 [英] Spring Security hasIpAddress causes errors
问题描述
在我的配置中,我定义了:
In my configuration, I have defined that:
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
并使用以下代码:
http.exceptionHandling()
.authenticationEntryPoint(authEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/api/payment").permitAll()
//.antMatchers("/api/payment").hasIpAddress("XXX.XXX.X.XX")
...
现在,当我允许所有流量进入/api/payment"时,一切都会被执行.
Now, when I have permited all traffic to '/api/payment', everything gets executed.
但是,如果我尝试启用 IP 验证:
However, if I try to enable the IP verification:
http.exceptionHandling()
.authenticationEntryPoint(authEntryPoint)
.and()
.authorizeRequests()
//.antMatchers("/api/payment").permitAll()
.antMatchers("/api/payment").hasIpAddress("XXX.XXX.X.XX")
...
从给定 IP 地址发送的请求会收到以下响应:
The requests send from the given IP address receive the following response:
{"errorMessage":"Not Found","errorId":"6ae34aa3-9195-42d6-8906-996906988ce0","errorDetails":null}
我做错了什么?
编辑
这是我正在调用的方法:
This is the method that I am invoking:
@RequestMapping(value = "/payment", method = POST)
public String saveOrder(@ModelAttribute PaymentDto paymentDto) {
paymentService.savePayment(paymentDto);
return "OK";
}
因为我总是发送请求数据(例如,帖子位于以下网址:api/payment?id=123&whatever
)
Since I always send request data (for example, the post is on the following url: api/payment?id=123&whatever
)
我已添加:
.antMatchers("/api/payment?**").access("hasIpAddress('XXX.XXX.X.XX')")
但这也没有用.
更新 2
我像这样改变了我的 antMatcher 的位置:
I've changed placement of my antMatcher like this:
http.exceptionHandling()
.authenticationEntryPoint(authEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/", "/app/**", "/assets/**", "/fonts/**", "/images/**").permitAll()
.antMatchers("/authentication/login", "/login.html").anonymous()
.antMatchers("/api/products/**").permitAll()
.antMatchers("/api/cities/**").permitAll()
.antMatchers("/api/order/**").permitAll()
.antMatchers("/api/payment").hasIpAddress("XXX.XXX.X.XX")
.anyRequest().authenticated()
.and()
.csrf().requireCsrfProtectionMatcher(new CsrfRequestMatcher())
.and()
.formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/authentication/login")
.successHandler(authSuccessHandler)
.failureHandler(authFailureHandler)
.and()
.logout()
.logoutUrl("/authentication/logout")
.logoutSuccessHandler(logoutSuccessHandler)
.deleteCookies(JSESSIONID_COOKIE, CSRF_COOKIE)
.invalidateHttpSession(true)
.permitAll();
当我尝试从给定的 IP 地址发帖时,它现在只是将我重定向到登录页面
Which now just redirects me to the login page when I am trying to make a post from the given Ip Address
推荐答案
事实证明,我是通过 nginx 的代理接收请求,而 nginx 没有传递请求者的原始 IP 地址.我不得不添加一些额外的 nginx 配置,现在,我可以像这样验证 IP 地址:
So as I turned out, I was receiving the request via proxy from nginx, which wasn't passing the original IP address of a requester. I had to add some additional nginx configuration, and now, I can verify IP address like this:
@RequestMapping(value = "/payment", method = POST)
public String saveOrder(PaymentDto paymentDto, HttpServletRequest request) {
if (request.getHeader("X-Forwarded-For").equals("XXX.XXX.X.XX")){
DO STUFF
}
}
这篇关于Spring Security hasIpAddress 导致错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!