Jam*_*ane 2 java spring-security jhipster
我已经使用这些值生成了一个JHipster应用程序:
{
"generator-jhipster": {
"jhipsterVersion": "3.1.0",
"baseName": "app",
"packageName": "my.app",
"packageFolder": "my/app",
"serverPort": "8080",
"authenticationType": "session",
"hibernateCache": "ehcache",
"clusteredHttpSession": "no",
"websocket": "no",
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "mysql",
"searchEngine": "elasticsearch",
"buildTool": "gradle",
"enableSocialSignIn": false,
"rememberMeKey": "",
"useSass": true,
"applicationType": "monolith",
"testFrameworks": [],
"jhiPrefix": "jhi",
"enableTranslation": false
}
}
我想允许匿名用户查看实体,但不允许更新或删除该实体。我曾尝试编辑生成的SecurityConfiguration.java文件添加permitAll(HttpMethod.GET,"/**")为authorizeRequests()在configure(HttpSecurity http)法。accessdenied尝试访问实体时,我仍然会被引导到。
以前有人解决过这个用例吗?
这是针对AngularJS 1.x的
用于访问资源:SecurityConfiguration.javain configure(HttpSecurity http)方法
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/api/**").permitAll()
要访问角度视图/状态:对于每个实体,请注释掉或删除authorities只读状态的属性。下面的Book实体示例src/main/webapp/app/entities/book/book.state.js:
.state('book', {
parent: 'entity',
url: '/book',
data: {
// authorities: ['ROLE_USER'],
pageTitle: 'monoApp.book.home.title'
},
....
})
.state('book-detail', {
parent: 'entity',
url: '/book/{id}',
data: {
// authorities: ['ROLE_USER'],
pageTitle: 'monoApp.book.detail.title'
},
但是,请注意以下两点:
SecurityConfiguration,您还可以在处公开用户/api/users。添加permitAll()每个实体会更安全,这样您就可以完全控制公开的内容(白名单方法)