Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/355.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/vb.net/15.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java Spring security permitAll需要授权标头_Java_Spring_Security_Spring Mvc_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java Spring security permitAll需要授权标头

Java Spring security permitAll需要授权标头

java spring security spring-mvc spring-security

Java Spring security permitAll需要授权标头,java,spring,security,spring-mvc,spring-security,Java,Spring,Security,Spring Mvc,Spring Security,我有一个具有两个REST端点的应用程序: 获取/api/产品(不安全) POST/api/产品(安全) 对于第一个端点,我不想发送“Authorization”头。为此,我配置了以下xml: <security:intercept-url pattern="/api/products" method="GET" access="permitAll"/> 对于第二个端点,我确实希望发送“Authorization”头。因此,我配置此xml: <security:inte

我有一个具有两个REST端点的应用程序:

  • 获取/api/产品(不安全)
  • POST/api/产品(安全)
对于第一个端点,我不想发送“Authorization”头。为此,我配置了以下xml:

<security:intercept-url pattern="/api/products" method="GET" access="permitAll"/>
对于第二个端点,我确实希望发送“Authorization”头。因此,我配置此xml:

<security:intercept-url pattern="/api/products" method="POST" access="hasRole('ROLE_ADMIN')"/>
出乎意料的是,GET/api/products需要一个“Authorization”头,它返回401。POST/api/products工作得非常好。我只发送一个带有有效值的“Authorization”头,一切都很顺利

我意识到将
与access=“permitAll”一起使用不会禁用“Authorization”标题的需要,对吗?如果是,我可以设置什么样的配置来实现我的目标

我正在使用Spring Security 4

您应该简单地删除
,并且不要为
/api/products
获取
资源指定任何安全配置。
您尝试过从配置中简单地注释
(或删除)吗?:)