0
我想要禁用特定端點的安全性,以便我可以撥打控制器的電話。不幸的是,我進行一個電話,我得到一個304(我看到它在Chrome的開發者工具),我重定向到陣營前端,無視我的控制器的端點彈簧安全排除路徑不呼叫控制器的端點與Zuul網關
@EnableWebSecurity
@Configuration
@EnableOAuth2Sso
@EnableRedisHttpSession
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login*").permitAll()
.and().anonymous()
.disable()
.exceptionHandling()
.defaultAuthenticationEntryPointFor(new Http401AuthenticationEntryPoint(""), new AntPathRequestMatcher("/api/ **"))
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout()
.logoutUrl("/logout")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.invalidateHttpSession(true)
.logoutSuccessUrl(ssoLogoutUrl)
.and()
.csrf()
.csrfTokenRepository(withHttpOnlyFalse());
}
}
@SpringBootApplication
@EnableZuulProxy
@EnableDiscoveryClient
@Import({AuthUserDetailService.class, GatewayWebSecurityConfig.class, VccLoginController.class})
public class GatewayApplication {
public static void main(String[] args) {
new SpringApplicationBuilder(GatewayApplication.class).run(args);
}
}
@Controller
public class LoginController {
@RequestMapping("/login")
public String login(Model model) {
return "login.html";
}
}
我試過了,但它不起作用。 –
您是否刪除了第二個 '.and() .authorizeRequests() .anyRequest()。authenticated()' ? – desoss
我想我有這個問題,因爲我正在使用Zuul。 –