禁用某些方法的身份驗證

-1

當我包含以下依賴項時，Spring會要求爲所有其餘請求進行身份驗證。禁用某些方法的身份驗證

<dependency> 
     <groupId>org.springframework.boot</groupId> 
     <artifactId>spring-boot-starter-security</artifactId> 
    </dependency>

我的pom.xml

<?xml version="1.0" encoding="UTF-8"?> 
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 
    <modelVersion>4.0.0</modelVersion> 

    <groupId>com.mycompany</groupId> 
    <artifactId>myapp</artifactId> 
    <version>0.0.1-SNAPSHOT</version> 
    <packaging>jar</packaging> 

    <name>MyApp</name> 
    <description></description> 

    <parent> 
     <groupId>org.springframework.boot</groupId> 
     <artifactId>spring-boot-starter-parent</artifactId> 
     <version>1.4.2.RELEASE</version> 
     <relativePath /> <!-- lookup parent from repository --> 
    </parent> 

    <properties> 
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> 
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> 
     <java.version>1.8</java.version> 
    </properties> 

    <dependencies> 
     <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-data-jpa</artifactId> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-security</artifactId> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-web</artifactId> 
     </dependency> 

     <dependency> 
      <groupId>org.postgresql</groupId> 
      <artifactId>postgresql</artifactId> 
      <scope>runtime</scope> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-test</artifactId> 
      <scope>test</scope> 
     </dependency> 
    </dependencies> 

    <build> 
     <plugins> 
      <plugin> 
       <groupId>org.springframework.boot</groupId> 
       <artifactId>spring-boot-maven-plugin</artifactId> 
      </plugin> 
     </plugins> 
    </build> 


</project>

我UserController.java

@RestController 
@RequestMapping("/users") 
public class UserController { 
    @Autowired 
    UserService us; 

    @RequestMapping("/all") 
    public Hashtable<String, User> getAll() { 
     return us.getAll(); 
    } 

    @RequestMapping("{id}") 
    public User getPerson(@PathVariable("id") String id) { 
     return us.getPerson(id); 
    } 

    @RequestMapping(method = RequestMethod.POST) 
    public void registerNewUser() { 
     us.registerNewUser(); 
    } 
}

如何禁用認證爲registerNewUser()方法？它用於註冊用戶，我不希望對該方法進行任何驗證。

來源

2016-12-06 Arya

您需要一個安全配置類，然後您可以明確限制該行爲。例如：

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
     .authorizeRequests() 
      .antMatchers("https://stackoverflow.com/users/**").authenticated() 
      .antMatchers(HttpMethod.POST, "/users").permitAll(); 
    } 
}

來源

2016-12-06 23:25:08 Vaelyr

我創造了這個類的包org.springframework.security.samples.config下，但響應的身體我仍然獲得未經授權 – Arya

你能確保配置正確您的應用程序進行掃描和有線在？它應該被記錄。 – Vaelyr

Spring引導啓動時日誌中沒有提及「SecurityConfig」。我也嘗試在configure方法的上面添加@Autowired – Arya

禁用某些方法的身份驗證

回答

相關問題