6
也許我在這裏做錯了什麼,我只是不知道什麼...如何重新啓用對Spring Boot Health端點的匿名訪問?
我有一個Oauth2身份驗證服務器和同一個應用程序中的資源服務器。
資源服務器配置:
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER-1)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
public static final String RESOURCE_ID = "resources";
@Override
public void configure(final ResourceServerSecurityConfigurer resources) {
resources
.resourceId(RESOURCE_ID);
}
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/health").permitAll();
}
}
認證服務器配置:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic().realmName("OAuth Server");
}
}
當我試圖訪問/健康,我得到了一個HTTP/1.1 401未經授權。
我該如何說服Spring Boot讓匿名訪問的健康/健康?
在SecurityConfig我想你想補充一點:.antMatchers(HttpMethod.GET,「/ health」)。permitAll(); – mherbert
您指定映射的順序也是它們查詢的順序。第一場比賽勝利......因爲'/ **'匹配所有你的'/健康'映射是無用的。把它移到'/ **'映射的上面以使它起作用。 –
@ M.Deinum謝謝,解決了這個問題。如果您將此添加爲答案,我很樂意接受它。 – endrec