Java 如何允许对@RequestMapping进行匿名访问?
如何定义Java 如何允许对@RequestMapping进行匿名访问?,java,spring,spring-security,Java,Spring,Spring Security,如何定义@RequestMapping方法来显式允许匿名(未经授权)访问 以下操作不起作用,总是得到未经授权的401: @RequestMapping("/test") @Secured(value={"ROLE_ANONYMOUS"}) public String test() { return "OK"; } 一般来说,整个应用程序使用spring boot进行如下安全保护: security.basic.enabled=true @Configuration public cla
@RequestMapping
方法来显式允许匿名(未经授权)访问
以下操作不起作用,总是得到未经授权的401
:
@RequestMapping("/test")
@Secured(value={"ROLE_ANONYMOUS"})
public String test() {
return "OK";
}
一般来说,整个应用程序使用spring boot
进行如下安全保护:
security.basic.enabled=true
@Configuration
public class AuthConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
}
您可以重写
configure(HttpSecurity-HttpSecurity)
方法并在其中定义规则:
@Configuration
public class AuthConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception
{
httpSecurity.authorizeRequests()
.antMatchers("/test")
.permitAll();
super.configure(http);
}
}
在
测试之前,我不确定是否使用斜杠,但请尝试这种负面环视方法。如果@security(“ROLE\u ANONYMOUS”)
可以使用斜杠,也许您已经覆盖了Web安全配置适配器。configure(HttpSecurity HttpSecurity)
,所以这@security(“ROLE\u ANONYMOUS”)
是否未被考虑在内?
@Configuration
public class AuthConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception
{
httpSecurity.authorizeRequests().regexMatcher("^((?!test).)*$").permitAll();
}
}