Spring Security blocks the H2 console even though I permitted /h2-console/**
in the configuration
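import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class Config {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeHttpRequests((requests) ->
            requests
                .requestMatchers("/", "/h2-console/**").permitAll()
                .anyRequest().authenticated()
        );
        http.headers().frameOptions().disable();
        return http.build();
    }
}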
I have already read the related answers on SO, but they did not help me.
Link to the project here
Error logs
2023-04-13T17:02:45.447+02:00 INFO 28567 --- [ main] com.example.demo.DemoApplication : Starting DemoApplication using Java 17.0.4.1 with PID 28567 (/Users/haohanyang/Developer/demo/build/classes/java/main started by haohanyang in /Users/haohanyang/Developer/demo)
2023-04-13T17:02:45.450+02:00 INFO 28567 --- [ main] com.example.demo.DemoApplication : No active profile set, falling back to 1 default profile: "default"
2023-04-13T17:02:45.903+02:00 INFO 28567 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2023-04-13T17:02:45.920+02:00 INFO 28567 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 9 ms. Found 0 JPA repository interfaces.
2023-04-13T17:02:46.322+02:00 INFO 28567 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2023-04-13T17:02:46.329+02:00 INFO 28567 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2023-04-13T17:02:46.329+02:00 INFO 28567 --- [ main] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.7]
2023-04-13T17:02:46.391+02:00 INFO 28567 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2023-04-13T17:02:46.392+02:00 INFO 28567 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 897 ms
2023-04-13T17:02:46.416+02:00 INFO 28567 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2023-04-13T17:02:46.566+02:00 INFO 28567 --- [ main] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Added connection conn0: url=jdbc:h2:mem:testdb user=SA
2023-04-13T17:02:46.567+02:00 INFO 28567 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2023-04-13T17:02:46.579+02:00 INFO 28567 --- [ main] o.s.b.a.h2.H2ConsoleAutoConfiguration : H2 console available at '/h2-console'. Database available at 'jdbc:h2:mem:testdb'
2023-04-13T17:02:46.679+02:00 INFO 28567 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
2023-04-13T17:02:46.712+02:00 INFO 28567 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 6.1.7.Final
2023-04-13T17:02:46.944+02:00 INFO 28567 --- [ main] SQL dialect : HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
2023-04-13T17:02:47.152+02:00 INFO 28567 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2023-04-13T17:02:47.161+02:00 INFO 28567 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2023-04-13T17:02:47.184+02:00 WARN 28567 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2023-04-13T17:02:47.207+02:00 WARN 28567 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: b0b3b2e8-29f6-4e45-9a25-4224980accd1
This generated password is for development use only. Your security configuration must be updated before running your application in production.
2023-04-13T17:02:47.396+02:00 INFO 28567 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@14239223, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@68df8c6, org.springframework.security.web.context.SecurityContextHolderFilter@1fc3df43, org.springframework.security.web.header.HeaderWriterFilter@552bee2f, org.springframework.security.web.authentication.logout.LogoutFilter@1dfcf85a, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5e7cd0df, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3de45b6c, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7c206b14, org.springframework.security.web.access.ExceptionTranslationFilter@6cc56b32, org.springframework.security.web.access.intercept.AuthorizationFilter@7dddfc35]
2023-04-13T17:02:47.589+02:00 INFO 28567 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2023-04-13T17:02:47.597+02:00 INFO 28567 --- [ main] com.example.demo.DemoApplication : Started DemoApplication in 2.434 seconds (process running for 2.835)
2023-04-13T17:02:50.531+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /h2-console
2023-04-13T17:02:50.546+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2023-04-13T17:02:50.565+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/h2-console?continue to session
2023-04-13T17:02:50.565+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2023-04-13T17:02:50.569+02:00 INFO 28567 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-04-13T17:02:50.569+02:00 INFO 28567 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2023-04-13T17:02:50.571+02:00 INFO 28567 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2023-04-13T17:02:50.572+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /error
2023-04-13T17:02:50.578+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2023-04-13T17:02:50.579+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/error?continue to session
2023-04-13T17:02:50.579+02:00 DEBUG 28567 --- [nio-8080-exec-1] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
I managed to solve it by changing
http.authorizeHttpRequests((requests) ->
    requests
        .requestMatchers("/", "/h2-console/**").permitAll()
        .anyRequest().authenticated()
);
to
// PathRequest is org.springframework.boot.autoconfigure.security.servlet.PathRequest
http.authorizeHttpRequests((requests) ->
    requests
        .requestMatchers(PathRequest.toH2Console()).permitAll()
        .anyRequest().authenticated()
);
Why did you post only a section of the logs when I asked for the full logs?
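An added example, not code from the original post or from the Spring project: it keeps the matcher from the answer but limits the CSRF exemption to the H2 console and relaxes frame options to same-origin, rather than disabling both for the whole application as the question's configuration does. The class name ScopedH2ConsoleConfig is an assumption.

```java
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; the lambda DSL below is the Spring Security 6 form.
@Configuration
public class ScopedH2ConsoleConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // PathRequest.toH2Console() matches the console path configured by
        // spring.h2.console.path (default /h2-console), as in the answer above.
        http.authorizeHttpRequests(requests -> requests
                .requestMatchers(PathRequest.toH2Console()).permitAll()
                .anyRequest().authenticated());

        // The console's own forms carry no CSRF token, so exempt only the
        // console; CSRF protection stays on for every other endpoint.
        http.csrf(csrf -> csrf.ignoringRequestMatchers(PathRequest.toH2Console()));

        // The console renders inside frames served from the same origin.
        // X-Frame-Options: SAMEORIGIN allows that while still refusing
        // framing by other sites, unlike frameOptions().disable().
        http.headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()));

        return http.build();
    }
}
```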