在以下延續WebSecurityConfigurerAdapter
的類中,我覆蓋了configure(HttpSecurity)
方法。彈簧安全性WebSecurityConfigurerAdapter配置問題
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureAuth(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("fabio")
.password("123")
.roles("ADMIN")
.and()
.withUser("joe")
.password("123")
.roles("GUEST");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/post/list").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.logout();
}
}
有了這個,我應該能夠得到localhost:8080/post/list
頁面,而無需承諾一個用戶登錄,因爲它有.permitAll()
,但是當我試圖進入它,它總是先提示登錄頁面後,才我輸入以前的憑證,我可以查看它。我怎樣才能解決這個問題 ?
控制器類
@RestController
@RequestMapping("/post")
public class HomeController {
@Secured("ROLE_GUEST")
@RequestMapping("/list")
public String list(){
return "list...";
}
@Secured("ROLE_USER")
@RequestMapping("/drafts")
public String drafts(){
return "drafts...";
}
@Secured({"ROLE_ADMIN","ROLE_USER"})
@RequestMapping("/add")
public String add(){
return "adding...";
}
}
嘗試使用'.antMatchers(「/ post/list **」)。permitAll()' –
它不起作用 – MrSir