问题描述
我有一个简单的购物应用程序,它有两种类型的角色“管理员”和“用户”。
控制器方法:
@PostMapping("/admin/category/addProducts")
public void addProductsToCategory(@RequestBody Map input,BindingResult bindingResult) {
try {
if (bindingResult.hasErrors()) {
logger.error(String.valueOf(bindingResult.getFieldError()));
return;
}
String categoryName = input.get("cat_name").toString();
Category category = categoryService.findByCategoryName(categoryName);
if (category == null) {
logger.error("Category %s not exists",categoryName);
return;
}
ArrayList<LinkedHashMap> products = new ArrayList();
products.addAll((Collection) input.get("products"));
for (LinkedHashMap map : products) {
Product newProduct = new Product();
newProduct.setName(map.get("name").toString());
newProduct.setimageUrl(map.get("imageUrl").toString());
newProduct.setDescription(map.get("description").toString());
newProduct.setPrice(new BigDecimal(map.get("price").toString()));
newProduct.setCategory(category);
productService.save(newProduct);
category.getProductsSet().add(newProduct);
}
categoryService.save(category);
} catch (Exception ex) {
logger.error(" Exception in adding new product to category");
}
}
我从邮递员那里用这个值调用它:
POST URL: http://localhost:8080/admin/category/addProducts
{
"cat_name": "Electronics","products": [
{
"name": "Monitor","description": "Samsung 22' monitor","imageUrl": "www.test.com","price": "233.77"
},{
"name": "keyboard","description": "A4tech new version keyboard","imageUrl": "www.key.com","price": "85.33"
}
]
}
但是当我从 Postman 发送请求时,在后端我没有收到请求。
问题的有趣部分是,当 /admin
从 URL 中删除时,它会起作用。我是说
(Backend Code) @PostMapping("/category/addProducts")
(Postman) POST URL: http://localhost:8080/category/addProducts
Spring 安全配置:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/","/home","/index","/about","/help","/register","/cart/**").permitAll()
.antMatchers("/user/**").hasRole("USER")
.antMatchers("/admin/**","/product/new").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.clearauthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
.and()
.headers()
.frameOptions()
.sameOrigin();
}
@Override
public void configure(WebSecurity web) {
web
.ignoring()
.antMatchers("/webjars/**","/js/**","/error/**","/css/**","/fonts/**","/libs/**","/img/**","/h2-console/**");
}
//... rest of code
}
你知道问题出在哪里吗?为什么我从 URL 中删除 /admin
有效,而当我将 /admin
放入地址时它不起作用。
有什么办法可以了解从 Postman 发送请求的用户的角色吗? (其实我需要URL开头的/admin
或/user
才能理解用户的角色,判断用户是否有合适的角色调用后端方法。)
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)