ohw*_*ppp 5 java spring h2 spring-security
我正在创建 rest api 并实现 Spring Security - 一切正常,但我希望(目前,当我仍在开发时)能够让任何人未经授权打开 localhost:8080/console。我的代码:
@Override
protected void configure(HttpSecurity http) throws Exception {
// allow everyone to register an account; /console is just for testing
http.authorizeRequests().antMatchers("/register", "/console").permitAll();
http.authorizeRequests().anyRequest().fullyAuthenticated();
// making H2 console working
http.headers().frameOptions().disable();
/*
https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#when-to-use-csrf-protection
for non-browser APIs there is no need to use csrf protection
*/
http.csrf().disable();
}
真正奇怪的是 - localhost:8080/register 不需要任何身份验证但 /console 返回:
{
"timestamp": 1485876313847,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/console"
}
有谁知道如何修复它?
jms*_*ido 11
有同样的问题,就我而言:
csrf().ignoringAntMatchers("/h2-console/**")
最后WebSecurityConfigurerAdapter:
http.authorizeRequests().antMatchers("/").permitAll()
.and()
.authorizeRequests().antMatchers("/h2-console/**").permitAll()
.and()
.headers().frameOptions().disable()
.and()
.csrf().ignoringAntMatchers("/h2-console/**")
.and()
.cors().disable();
我有类似的配置。你能尝试一下吗?
http
.authorizeRequests()
.antMatchers("/register").permitAll()
.and()
.authorizeRequests()
.antMatchers("/console/**").permitAll();
| 归档时间: |
|
| 查看次数: |
6114 次 |
| 最近记录: |