问题
I work on Spring Boot 2.1.
I want all my default endpoints allowed
- either if they're rightly authenticated
- either if they pass on specific authentication rules I've implemented and named * hashSerialSecurityVoter*.
My Code :
SecurityConfig.java
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable().cors().and().exceptionHandling()
/* [...] */
.anyRequest()
.authenticated();
.accessDecisionManager(playerResourceDecisionManager());
}
@Bean
public AccessDecisionManager playerResourceDecisionManager() {
List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList(
new AuthenticatedVoter(),
hashSerialSecurityVoter
);
return new UnanimousBased(decisionVoters);
}
It goes effectivly through both Voters.
But in AuthenticatedVoter, it does not run as I expected.
Even if I'm authenticated, it returns ACCESS_ABSTAIN value.
When I debug it, I've noticed that Manager does not provide any ConfigAttribute.
So authenticatedVoter.supports() methods returns false..
Do I miss something on accessDecisionManager declaration ?
Results is that my main API client does not work anymore because all my requests are returned with 403.
来源:https://stackoverflow.com/questions/61616638/authenticationvoters-has-not-valid-attribute-springsecurity