Java 带和不带标记的Spring REST相同端点
以下端点:Java 带和不带标记的Spring REST相同端点,java,spring,rest,Java,Spring,Rest,以下端点: @RequestMapping(value = "/activated",method = RequestMethod.GET) public GameHolder getAllGames(){ return gameService.getActivatedGames(); } 获取一些游戏,可以在不使用令牌的情况下请求此路径(WebSecurityConifugurerAdapter): 但是如果用户登录,我会调用userSer
@RequestMapping(value = "/activated",method = RequestMethod.GET)
public GameHolder getAllGames(){
return gameService.getActivatedGames();
}
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
final String authorization = httpServletRequest.getHeader("Authorization");
try{
if(authorization != null && !authorization.isEmpty() && authorization.toLowerCase().startsWith(tokenType.toLowerCase() + " ")){
String[] tokenTypeAndToken = authorization.split(" ");
final UserAuthentication tokenAuthentication = new UserAuthentication();
tokenAuthentication.setCredentials(tokenTypeAndToken[1]);
SecurityContextHolder.getContext().setAuthentication(authenticationManager.authenticate(tokenAuthentication));
}
else{
throw new HttpClientErrorException(HttpStatus.UNAUTHORIZED,"No token provided!");
}
filterChain.doFilter(httpServletRequest,httpServletResponse);
}
尝试覆盖
configure(HttpSecurity http)permitAll@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/games/activated").permitAll()
}
好吧,一旦你忽略它。。是的,我知道,这就是我提出问题的原因,我不想向端点写入一个用于已验证用户的端点和一个用于未登录用户的端点。我正在寻找答案,tooIt让我找到了authenticate方法,但我必须在那里指定我猜的路径?上面编辑您可以使用SecurityContext获取当前经过身份验证的用户。啊,对不起,我的意思是doFilterInterl未进行身份验证。那么您是否手动实现了此方法?出于什么目的。或多或少是手动的,我从AuthenticationProvider接口重写了它。为什么?我想这应该是可读的,以验证用户并在SecurityContextHolder中设置它。
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/games/activated").permitAll()
}