CODEWITHSUNDEEP
spring-security
Mike Huang
Mike Huang

Reputation: 257

spring-security redirect 404 error

I'm using spring boot security as ACL for my restful services. The security adapter as below

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableRedisHttpSession
@Order(2)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService userDetailsService;


    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        return new HeaderHttpSessionStrategy();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .httpBasic()
                .and().csrf().disable()
                .authorizeRequests()
                .anyRequest().authenticated()
                .and().userDetailsService(userDetailsService);
    }
}

The snap of userdetailservice

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Yuangong yuangong = yuangongService.getYuangongByNo(username).getData();

        List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<SimpleGrantedAuthority>();

        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ALL"));

        return new User(yuangong.getNo(), yuangong.getPassword(), grantedAuthorities);
    }

The endpoint annotated by @RestController, and the method in endpoint like 

@RestController
@RequestMapping(path = "/bumen")
public class BumenEndpoint {
//    @PermitAll
        @PreAuthorize("hasRole('ROLE_ALL')")
        @RequestMapping(path = "/getBumenTreeList", method = RequestMethod.GET )
        public HttpResult<List<Map<String, Object>>> getBumenTreeData(Principal principal) {
            System.out.println(principal.getName());
            return new HttpResult(bumenService.getBumenTreeList());
}

If I use @permitAll, it worked find and return the right JSON response. If using @PreAuthorize("hasRole('ROLE_ALL')"), it can pass the auth and can debug into this method, but the response will be redirected to "/bumen/bumen/getBumenTreeList" (double '/bumen') with 404 error. if I don't implements the BumenEndpoint, there will not being redirected and return the right response.

I'm not sure which part cause the redirecting.

Upvotes: 2

Views: 1683

Answers (1)

Mike Huang
Mike Huang

Reputation: 257

The issue was caused by the annotation. I have fixed it as per this Spring-MVC Problem using @Controller on controller implementing an interface

Upvotes: 2

Related Questions