1. 首頁
  2. 問答
  3. 如何允許在@RequestMapping上進行匿名訪問?

如何允許在@RequestMapping上進行匿名訪問?

2017-06-29 78 views
0

如何定義@RequestMapping方法以顯式允許匿名(未經授權)訪問?如何允許在@RequestMapping上進行匿名訪問?

下不工作,總是讓401 Unauthorized

@RequestMapping("/test") 
@Secured(value={"ROLE_ANONYMOUS"}) 
public String test() { 
    return "OK"; 
}

一般來說整個應用程序被固定如下,使用spring-boot

security.basic.enabled=true

@Configuration 
public class AuthConfig extends WebSecurityConfigurerAdapter { 
    @Autowired 
    private UserDetailsService userDetailsService; 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder()); 
    } 
}

來源

2017-06-29 membersound

+1

它應該用'@Secured(「ROLE_ANONYMOUS」)'工作,也許你已經重寫了'WebSecurityConfigurerAdapter.configure(HttpSecurity httpSecurity)'這樣'@Secured(「ROLE_ANONYMOUS」)'不被考慮? –

回答

1

您可以覆蓋configure(HttpSecurity httpSecurity)方法和定義有您的規則:

@Configuration 
public class AuthConfig extends WebSecurityConfigurerAdapter { 
    @Autowired 
    private UserDetailsService userDetailsService; 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder()); 
    } 

    @Override 
    protected void configure(HttpSecurity httpSecurity) throws Exception 
    { 
     httpSecurity.authorizeRequests() 
      .antMatchers("/test") 
      .permitAll(); 
     super.configure(http); 
    } 
}

來源

2017-06-29 07:20:52 Leffchik

0 
@Configuration 
public class AuthConfig extends WebSecurityConfigurerAdapter { 
    @Autowired 
    private UserDetailsService userDetailsService; 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder()); 
    } 

    @Override 
    protected void configure(HttpSecurity httpSecurity) throws Exception 
    { 
     httpSecurity.authorizeRequests().regexMatcher("^((?!test).)*$").permitAll(); 
    } 
}

我不知道test前斜線,但只是嘗試這種負面環視方法。

來源

2017-06-29 07:43:15

相關問題

 相關問題