Fab*_*mos 15 rest spring spring-mvc spring-security oauth-2.0
如何在Spring Security OAuth-2 Rest应用程序中的特定URL中允许公共访问.
我的所有URL都以/rest/**安全方式启动,但希望/rest/about公开,因此我不需要用户进行身份验证即可访问它.我尝试过使用permitAll()但它仍然需要请求中的令牌.这是我的HttpSecurity配置:
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/rest/about").permitAll()
.antMatchers("/rest/**").authenticated()
;
}
}
GET请求/rest/about仍然返回401 Unauthorized - "error":"unauthorized","error_description":"Full authentication is required to access this resource"
Fab*_*mos 31
找到了答案.我只需要添加anonymous():
public void configure(HttpSecurity http) throws Exception {
http
.anonymous().and()
.authorizeRequests()
.antMatchers("/rest/about").permitAll()
.antMatchers("/rest/**").authenticated()
;
}
得到了答案:https://stackoverflow.com/a/25280897/256245
| 归档时间: |
|
| 查看次数: |
9210 次 |
| 最近记录: |