Java: How do I disable authentication for a specific endpoint?
An answer explains that permitAll() means "allow all authenticated users", and that if you want to skip authentication you need to do this:
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/chores");
}
This does not work for me.
In particular, here is the controller test that I want to pass:
@SpringBootTest
@AutoConfigureMockMvc
public class ChoreApplicationTest
{
    @Autowired
    private MockMvc mockMvc;

    @Test
    public void choresShouldBeEmptyAtStart() throws Exception
    {
        this.mockMvc.perform(get("/chores"))
            .andExpect(status().isOk());
    }
}
Test result:
java.lang.AssertionError: Status expected:<200> but was:<401>
Expected :200
Actual :401
I think you can imagine what is in the chore controller, but for completeness, here is the relevant part:
@RestController
public class ChoreController
{
    private final ChoreRepository repository;

    ChoreController(ChoreRepository repository)
    {
        this.repository = repository;
    }

    @GetMapping("/chores")
    List<Chore> all()
    {
        return this.repository.findAll();
    }
}
So why does my test get a 401 return code, and how can I fix it?
@ActiveProfiles("integration-test")
@SpringBootTest
@AutoConfigureMockMvc
public class ChoreApplicationTest{}
@Configuration
@EnableWebSecurity
@Profile("!integration-test")
public class SecurityConfigurer extends WebSecurityConfigurerAdapter{}
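You can ignore security this way.
If you are writing an integration test, you can set a profile to ignore certain specific areas of Spring, for example security.
ActiveProfile can be in the configuration file.
The security configuration in configure(WebSecurity web) is correct, but the problem is that, because the packages differ, SecurityConfigurer is not being invoked.
Spring Boot starts execution from the main application, which is ChoreApplication. Also note that all classes are in package chores except SecurityConfigurer (which is in package security).
Our main application class is annotated with @SpringBootApplication, where
@SpringBootApplication = @SpringBootConfiguration + @EnableAutoConfiguration + @ComponentScan
@ComponentScan
By default, Spring will process all classes in package chores. The problem here is that Spring knows nothing about classes in other packages, in this case SecurityConfigurer in package security.
To get SecurityConfigurer invoked, we have to add the security package to @ComponentScan(basePackages = {"chores", "security"})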
ChoreApplication.java
package chores;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;

@SpringBootApplication
@ComponentScan(basePackages = {"chores", "security"})
public class ChoreApplication
{
    public static void main(String args[])
    {
        SpringApplication.run(ChoreApplication.class, args);
    }
}
SecurityConfigurer.java
package security;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/chores");
    }
}
You may like to explore
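Remove super.configure(web) from configure(WebSecurity web) and make sure you include the correct endpoint in this method. Can you share the request?
@PatelRomil Without super, I get the same thing. I have edited the whole request.
Hi @jon, does your SecurityConfigurer class contain a configure(HttpSecurity http) method? Also, add @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) to SecurityConfigurer.
Let me know whether SecurityConfigurer contains both configure(WebSecurity web) and configure(HttpSecurity http). Make sure configure(WebSecurity web) is located at configure(HttpSecurity http)
@PatelRomil The SecurityConfigurer pasted above is exactly what I am using in my code. I added the @EnableGlobalMethodSecurity annotation and got the same result.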
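A test for the fix described in the second answer, as an added example that is not part of the original posts: it checks that SecurityConfigurer was actually picked up by component scanning and that web.ignoring() opened only /chores. It assumes JUnit 5, the chores and security packages from that answer, and a hypothetical path /not-chores that no controller maps.

```java
package chores;

import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ApplicationContext;
import org.springframework.test.web.servlet.MockMvc;

import security.SecurityConfigurer;

// Added example; assumes JUnit 5 and the package layout shown in the answer.
@SpringBootTest
@AutoConfigureMockMvc
class SecurityConfigurerScanTest {

    @Autowired
    private ApplicationContext context;

    @Autowired
    private MockMvc mockMvc;

    // Fails when the security package is missing from the component scan,
    // which is the situation the answer diagnoses.
    @Test
    void securityConfigurerIsRegisteredAsBean() {
        assertEquals(1, context.getBeanNamesForType(SecurityConfigurer.class).length);
    }

    // The ignored endpoint must answer without any credentials.
    @Test
    void ignoredEndpointNeedsNoCredentials() throws Exception {
        mockMvc.perform(get("/chores")).andExpect(status().isOk());
    }

    // "/not-chores" is a hypothetical, unmapped path. A protected path is
    // stopped by the filter chain with 401 (HTTP Basic) or 302 (login
    // redirect); a 404 here would mean the ignore rule is too broad.
    @Test
    void otherPathsStayBehindAuthentication() throws Exception {
        mockMvc.perform(get("/not-chores"))
               .andExpect(status().is(anyOf(is(401), is(302))));
    }
}
```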