Java Spring安全身份验证未给出401错误
在一个过滤器中,我在spring安全上下文中添加了以下角色Java Spring安全身份验证未给出401错误,java,spring,spring-security,spring-boot,Java,Spring,Spring Security,Spring Boot,在一个过滤器中,我在spring安全上下文中添加了以下角色 @Override public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { GrantedAuthority authority = new SimpleGrantedAuthority(ANONY
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
GrantedAuthority authority = new SimpleGrantedAuthority(ANONYMOUS);
List<GrantedAuthority> grantedAuthority = new ArrayList<>();
grantedAuthority.add(authority);
Authentication authentication = new AnonymousAuthenticationToken(ANONYMOUS, ANONYMOUS, grantedAuthority);
SecurityContextHolder.getContext().setAuthentication(authentication);
arg2.doFilter(arg0,arg1);
}
@覆盖
公共无效doFilter(ServletRequest arg0、ServletResponse arg1、FilterChain arg2)
抛出IOException、ServletException{
GrantedAuthority=新的SimpleGrantedAuthority(匿名);
List grantedAuthority=新建ArrayList();
授予的权限。添加(权限);
身份验证=新的AnonymousAuthenticationToken(匿名、匿名、授权);
SecurityContextHolder.getContext().setAuthentication(身份验证);
arg2.doFilter(arg0,arg1);
}
然后从rest api方法中的控制器中,检查授权角色,如下所示
@RestController
@RequestMapping(value = "/api")
public class MyController {
@RequestMapping(value = "/myservice1", method = RequestMethod.GET)
@PreAuthorize("hasRole('ROLE_USER')")
public HttpEntity<String> myService() {
System.out.println("-----------myService invoke-----------");
return new ResponseEntity<String>(HttpStatus.OK);
}
}
@RestController
@请求映射(value=“/api”)
公共类MyController{
@RequestMapping(value=“/myservice1”,method=RequestMethod.GET)
@预授权(“hasRole('ROLE_USER'))
公共HttpEntity myService(){
System.out.println(“------------myService invoke-----------------”;
返回新的响应状态(HttpStatus.OK);
}
}
但是当我调用上面的API时,它成功地打印了sysout。但它应该会给我一个401未经授权的错误,对吗?只需通过以下方式启用方法级别的安全性:
@EnableGlobalMethodSecurity(prePostEnabled = true)
您是否启用了方法级安全性?在SecurityConfig类中添加@EnableGlobalMethodSecurity(prespenabled=true)后,它就可以工作了。如果你能把它加入asnwer,我会接受的。谢谢