相关疑难解决方法(0)

我有一个Spring rest服务,我想将它用于经过身份验证且未经过身份验证的用户.我想从SecurityContextHolder.getContext().getAuthentication()用户身份验证中获取用户信息.

• 如果我 .antMatchers("/app/rest/question/useroperation/list/**").permitAll() 在下面的ouath2配置中使用,那么我可以获得经过身份验证的用户的用户信息,但是对于未经过身份验证的用户,我会收到401错误.
• 如果我 在下面.antMatchers("/app/rest/question/useroperation/list/**").permitAll() 忽略了WebSecurity中的url ,那么所有用户都可以调用该服务,但是我无法从SecurityContext获取用户信息.web.ignoring()..antMatchers("/app/rest/question/useroperation/list/**")SecurityConfiguration

如果用户登录,如何配置我的spring安全性来为经过身份验证且未经过身份验证的用户调用URL并从SecurityContext获取用户信息.

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Inject
    private Http401UnauthorizedEntryPoint authenticationEntryPoint;

    @Inject
    private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
                .and()
                .logout()
                .logoutUrl("/app/logout")
                .logoutSuccessHandler(ajaxLogoutSuccessHandler)
                .and()
                .csrf()
                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
                .disable()
                .headers()
                .frameOptions().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/views/**").permitAll()
                .antMatchers("/app/rest/authenticate").permitAll()
                .antMatchers("/app/rest/register").permitAll()
                .antMatchers("/app/rest/question/useroperation/list/**").permitAll()
                .antMatchers("/app/rest/question/useroperation/comment/**").authenticated()
                .antMatchers("/app/rest/question/useroperation/answer/**").authenticated()
                .antMatchers("/app/rest/question/definition/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/app/rest/logs/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/app/**").authenticated()
                .antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/websocket/**").permitAll()
                .antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/api-docs/**").hasAuthority(AuthoritiesConstants.ADMIN) …