Java: different endpoints appear to be authorized at random
I am writing an application in which I am trying to configure the visibility of different endpoints. I wrote the following code:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable().authorizeRequests()
        .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
        .antMatchers(HttpMethod.POST, "/login").permitAll()
        .antMatchers(HttpMethod.GET, "/login").permitAll()
        .antMatchers(HttpMethod.GET, "/").authenticated()
        .antMatchers(HttpMethod.GET, UPVOTE_URL).authenticated()
        .antMatchers(HttpMethod.GET, DOWNVOTE_URL).authenticated()
        .antMatchers(HttpMethod.POST, LOG_OUT_URL).authenticated()
        .antMatchers(HttpMethod.DELETE, DELETE_URL).authenticated()
        .antMatchers(HttpMethod.POST, ADD_URL).authenticated()
        .anyRequest().authenticated()
        .and()
        .addFilter(new JWTAuthenticationFilter(authenticationManager()))
        .addFilter(new JWTAuthorizationFilter(authenticationManager()))
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .logout()
        .and()
        .exceptionHandling()
        .authenticationEntryPoint(new Http401AuthenticationEntryPoint("No authorization"));
}
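My program behaves very strangely: when I try to reach the "/login" or "/" endpoint, it sometimes throws a 401 (afaik, if the user is not logged in yet, it should redirect them to the login page).
After that, I restarted it, possibly made some small changes elsewhere that seemed completely unrelated, and my website was working again.
Have any of you run into a problem like this? What is the cause? Am I doing something wrong in the configuration?
Three things stand out here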
formLogin(), so the filter that handles the login page does not work
http
    .cors()
    .and()
    .csrf()
    .disable()
    .authorizeRequests()
    .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
    .antMatchers("/login").permitAll()
    .antMatchers(HttpMethod.GET, "/").authenticated()
    .antMatchers(HttpMethod.GET, UPVOTE_URL).authenticated()
    .antMatchers(HttpMethod.GET, DOWNVOTE_URL).authenticated()
    .antMatchers(HttpMethod.POST, LOG_OUT_URL).authenticated()
    .antMatchers(HttpMethod.DELETE, DELETE_URL).authenticated()
    .antMatchers(HttpMethod.POST, ADD_URL).authenticated()
    .anyRequest().authenticated()
    .and()
    .addFilterBefore(new JWTAuthenticationFilter(authenticationManager()), HeaderWriterFilter.class)
    .addFilterAfter(new JWTAuthorizationFilter(authenticationManager()), JWTAuthenticationFilter.class)
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
    .formLogin()
    .and()
    .logout()
;
What we changed
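An added example, not part of the original question or answer: a regression test that pins down what an anonymous caller gets from each endpoint under the answer's configuration, so an endpoint that starts returning 401 again is caught by the build. It assumes a Spring Boot application with `spring-boot-starter-test`, `spring-security-test` and JUnit 5 on the classpath, that the JWT filters let requests without a token pass through, and that no custom login page or entry point is configured; the class name and the `/no-such-endpoint` path are hypothetical.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Hypothetical test class; loads the full application context,
// including the security filter chain configured above.
@SpringBootTest
@AutoConfigureMockMvc
class EndpointVisibilityTest {

    @Autowired
    private MockMvc mockMvc;

    @Test
    void loginPageIsPublic() throws Exception {
        // "/login" is permitAll() and formLogin() supplies the default
        // login page, so no credentials are needed.
        mockMvc.perform(get("/login"))
               .andExpect(status().isOk());
    }

    @Test
    void rootRedirectsAnonymousCallerToLogin() throws Exception {
        // "/" is authenticated(); with formLogin() as the only entry point,
        // an anonymous request is redirected instead of answered with 401.
        mockMvc.perform(get("/"))
               .andExpect(status().isFound())
               .andExpect(redirectedUrl("http://localhost/login"));
    }

    @Test
    void unlistedPathFallsUnderAnyRequestAuthenticated() throws Exception {
        // Constructed path with no matcher of its own: the catch-all rule
        // applies before the request is dispatched, so the result is again
        // a redirect to the login page, not a 404.
        mockMvc.perform(get("/no-such-endpoint"))
               .andExpect(status().isFound())
               .andExpect(redirectedUrl("http://localhost/login"));
    }
}
```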