HttpServletRequest.servletRequest.isUserInRole("ADMIN")
Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null.
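Added example, not from the original post: the text quoted above is the Javadoc of HttpServletRequest.getUserPrincipal(), and this controller uses it together with isUserInRole so the null case is handled before any role check. The class name and the /api/whoami path are hypothetical; it assumes Spring Security's default servlet integration, where an anonymous request yields a null principal and isUserInRole("ADMIN") matches the granted authority ROLE_ADMIN.

```java
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller, added for illustration only.
@RestController
public class WhoAmIController {

    @GetMapping("/api/whoami") // hypothetical path
    public ResponseEntity<Map<String, Object>> whoAmI(HttpServletRequest request) {
        Map<String, Object> body = new LinkedHashMap<>();

        // Per the Javadoc: null when the caller has not been authenticated.
        // This branch is reachable when the path is matched by permitAll(),
        // because such requests pass the filter chain without a valid token.
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            body.put("authenticated", false);
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(body);
        }

        body.put("authenticated", true);
        body.put("name", principal.getName());
        // The answer comes from the server-side security context, not from
        // anything the client sends in the request body or query string.
        // With the default "ROLE_" prefix this checks for ROLE_ADMIN.
        body.put("admin", request.isUserInRole("ADMIN"));
        return ResponseEntity.ok(body);
    }
}
```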
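Hmm.. how does this actually work...
To stop the Spring JwtAuthenticationFilter from returning 401 Unauthorized, I did something and then it worked...
I think I commented out the body of some method and added something like http.csrf..... instead,
but I don't remember exactly T_T
I think it was http.csrf().disable();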
(https://cnpnote.tistory.com/entry/SPRING-Spring-Boot-401-Unauthorized-%EB%B3%B4%EC%95%88-%EA%B8%B0%EB%8A%A5-%EC%97%86%EC%9D%8C)
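import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // unauthorizedHandler and jwtAuthenticationFilter() are members of this class (not shown here)

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // I think it was this part
        // permitAll did not solve it; I think http.csrf().xxxxxx did
        http.cors().and().csrf().disable().exceptionHandling()
                .authenticationEntryPoint(unauthorizedHandler).and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
                .antMatchers("/", "/favicon.ico", "/manifest.json", "/**/*.png", "/**/*.gif",
                        "/**/*.svg", "/**/*.jpg", "/**/*.html", "/**/*.css", "/**/*.js")
                .permitAll().antMatchers("/api/auth/**").permitAll()
                .antMatchers("/api/users/checkUsernameAvailability",
                        "/api/users/checkEmailAvailability")
                .permitAll().anyRequest().authenticated();
        // Add our custom JWT security filter
        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}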
https://stackoverflow.com/questions/52904227/spring-security-401-unauthorized-even-with-permitall