AMI*_*SAI 1 java spring-security spring-boot
我创建了一种在数据库中保存用户详细信息的方法,并且我还有一个在端点 /register 处公开的控制器。我想让 /register 端点可供所有人使用。我已经使用了 spring security 并为 /register 端点授予了所有权限。
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
private final UserDetailsServiceImpl userDetailsService;
@Autowired
public WebSecurityConfiguration(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(
request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
.anyRequest().authenticated()
);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
有人可以解释或帮助我解决为什么 allowedAll 在我的情况下不起作用吗?根据我编写的代码,/register 端点应该返回用户详细信息,但它返回 403。/register 端点是一个休息端点,它将用户详细信息作为输入,并在详细信息持久化后返回用户详细信息作为输出。数据库。
@Slf4j
@RestController
public class RegistrationController {
private final UserDetailsServiceImpl userDetailsService;
@Autowired
public RegistrationController(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
}
@PostMapping(value = "/register")
public ResponseEntity<Users> registerNewUser(@Valid @RequestBody Users users) throws EmailAlreadyExistsException {
Users usersDetails = userDetailsService.processRegistration(users);
log.info("{}, Information: Successfully persisted new user",this.getClass().getSimpleName());
return new ResponseEntity<>(usersDetails,HttpStatus.OK);
}
}
我猜你是通过curl 或postman 调用url 的。然后,您必须禁用 CSRF 或改用 GET 映射。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(
request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
.anyRequest().authenticated()
);
}
| 归档时间: |
|
| 查看次数: |
2965 次 |
| 最近记录: |