Question
I am using spring-security 5.2 and in the configuration I write the following:
http.csrf().disable().authorizeRequests()
.antMatchers("/login*", "/js/**", "/css/**", "/vendors/**", "/images/**").permitAll()
.antMatchers("/**").authenticated();
The application URL is like http://localhost:8080/myApp. The problem is that when I call the application URL, the authentication entry point is not invoked.
Only when I modify the last line to something like .antMatchers("/main*").authenticated(); and then call http://localhost:8080/myApp/main everything works.
I am configuring a Keycloak SSO Server (7.0.1) and using the Keycloak Spring Security Adapter. So I was wondering why the Keycloak entry point is not invoked in the case of .antMatchers("/**").authenticated() and is only called if I write something like .antMatchers("/main*").authenticated().
Can anyone explain what is wrong in my original code?
Thanks
Answer 1:
Your spring security config class extends KeycloakWebSecurityConfigurerAdapter and you call super.configure(http)? If yes, then your login page is not /login but /sso/login. And a logout success page is mapped to /. When a logout success page is mapped, Spring will automatically set the security for it to permitAll. Thus, you can try to change the logout success page to another URL in order to check if it will fix your problem. Something like:
http.csrf().disable().authorizeRequests()
.antMatchers("/js/**", "/css/**", "/vendors/**", "/images/**").permitAll()
.antMatchers("/**").authenticated()
.anyRequest().permitAll()
.and().logout().logoutSuccessUrl("/loggedout");
Source: https://stackoverflow.com/questions/58657946/keycloak-spring-security-adapter-antmatchers-authenticated-does-not-st
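
The rule ordering the answer describes, as an added example that is not part of the original question or answer and is not Spring Security code: a small Python model of first-match URL rules. The function names, the Ant-pattern subset, and the placement of the logout-success rule ahead of the configured rules are assumptions of the model; the patterns and URLs come from the thread.

```python
import re

def ant_to_regex(pattern):
    """Compile a subset of Ant path syntax: '**' spans '/', '*' stays in one segment."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*"); i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*"); i += 1
        else:
            parts.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(parts))

def build_rules(user_rules, logout_success_url):
    """Assumption of this model: the permitAll rule for the logout success URL
    is an exact match that is checked before the rules from configure()."""
    rules = [("exact", logout_success_url, "permitAll")]
    rules += [("ant", pattern, access) for pattern, access in user_rules]
    return rules

def decide(rules, path):
    """Return the access level of the first rule matching path (first match wins)."""
    for kind, pattern, access in rules:
        if kind == "exact":
            hit = path == pattern
        else:
            hit = ant_to_regex(pattern).fullmatch(path) is not None
        if hit:
            return access
    return "no rule"

# Rules from the question; paths are relative to the context path /myApp.
STATIC = ["/login*", "/js/**", "/css/**", "/vendors/**", "/images/**"]
QUESTION_RULES = [(p, "permitAll") for p in STATIC] + [("/**", "authenticated")]

if __name__ == "__main__":
    # Compare the adapter's logout success URL "/" with the answer's "/loggedout".
    for success_url in ("/", "/loggedout"):
        rules = build_rules(QUESTION_RULES, success_url)
        for path in ("/", "/main", "/js/app.js", "/loggedout"):
            print(f"logoutSuccessUrl={success_url!r:13} {path:12} -> {decide(rules, path)}")
```

With the success URL at "/", the application root resolves to permitAll while "/main" still requires authentication, which matches what the question observed; moving the success URL to "/loggedout" leaves the root covered by the "/**" rule.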