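Original code

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/usr/register").permitAll() // the problem occurs here
                        .requestMatchers("/usr/login").anonymous()
                        .anyRequest().authenticated())
                // ...
                .build();
    }
    // ...
}
```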
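Fixed code 1

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(auth -> auth
                        // Pass an explicit Ant-style matcher instead of a bare String pattern
                        .requestMatchers(new AntPathRequestMatcher("/usr/register")).permitAll()
                        .requestMatchers(new AntPathRequestMatcher("/usr/login")).anonymous()
                        .anyRequest().authenticated())
                // ...
                .build();
    }
    // ...
}
```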
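Fixed code 2

```java
import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(auth -> auth
                        // Same fix as above, using the static factory method
                        .requestMatchers(antMatcher("/usr/register")).permitAll()
                        .requestMatchers(antMatcher("/usr/login")).anonymous()
                        .anyRequest().authenticated())
                // ...
                .build();
    }
    // ...
}
```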
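A third way to make the matcher type explicit, added here as an example and not taken from the original post: `AntPathRequestMatcher` matches the request path without consulting Spring MVC's handler mappings, while `MvcRequestMatcher` applies Spring MVC's own matching rules. The sketch assumes that `/usr/register` and `/usr/login` are Spring MVC controller endpoints served by a `DispatcherServlet` mapped at the root path (the post does not say); the bean name `mvc` is arbitrary.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    // Assumption: the /usr/* endpoints are Spring MVC controllers behind a
    // DispatcherServlet mapped at "/". For a servlet mapped elsewhere, set the
    // servlet path on the builder before calling pattern().
    @Bean
    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
        return new MvcRequestMatcher.Builder(introspector);
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
        return http
                .authorizeHttpRequests(auth -> auth
                        // Explicit MVC matchers: the ambiguous String overload is never called
                        .requestMatchers(mvc.pattern("/usr/register")).permitAll()
                        .requestMatchers(mvc.pattern("/usr/login")).anonymous()
                        // Everything not listed above still requires authentication
                        .anyRequest().authenticated())
                // The rest of the post's configuration (elided there) would go here
                .build();
    }
}
```

Whichever matcher type is used, keep `anyRequest().authenticated()` as the last rule so that a pattern that fails to match leaves the endpoint protected instead of open.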
References

- https://spring.io/security/cve-2023-34035 (spring.io): CVE-2023-34035: Authorization rules can be misconfigured when using multiple servlets. HIGH | JULY 17, 2023 | CVE-2023-34035 Description Severity is high unless otherwise noted. Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5 and 6.1 prior t
- https://marco.dev/spring-boot-h2-error (marco.dev): Spring Boot 3.1.2: This method cannot decide ... error | Marco Molteni. Causes and solutions for this error