Java 为什么permitAll()返回403 spring security?
我已经创建了一个在数据库中持久保存用户详细信息的方法,并且我还有一个在端点/寄存器中公开的控制器。我想使/register端点对所有人都可用。我使用了spring security,并为/注册终点提供了所有许可Java 为什么permitAll()返回403 spring security?,java,spring-boot,spring-security,Java,Spring Boot,Spring Security,我已经创建了一个在数据库中持久保存用户详细信息的方法,并且我还有一个在端点/寄存器中公开的控制器。我想使/register端点对所有人都可用。我使用了spring security,并为/注册终点提供了所有许可 @Configuration @EnableWebSecurity public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { private final UserDetailsSe
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
private final UserDetailsServiceImpl userDetailsService;
@Autowired
public WebSecurityConfiguration(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(
request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
.anyRequest().authenticated()
);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
有人能解释一下或者帮我解释一下为什么permitAll在我的情况下不工作吗。根据我编写的代码,/register端点应该返回用户详细信息,但它返回403。/register端点是一个rest端点,它将用户详细信息作为输入,并在数据持久化到数据库后返回用户详细信息作为输出
@Slf4j
@RestController
public class RegistrationController {
private final UserDetailsServiceImpl userDetailsService;
@Autowired
public RegistrationController(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
}
@PostMapping(value = "/register")
public ResponseEntity<Users> registerNewUser(@Valid @RequestBody Users users) throws EmailAlreadyExistsException {
Users usersDetails = userDetailsService.processRegistration(users);
log.info("{}, Information: Successfully persisted new user",this.getClass().getSimpleName());
return new ResponseEntity<>(usersDetails,HttpStatus.OK);
}
}
@Slf4j
@RestController
公共类注册控制器{
私有最终用户详细信息服务impl用户详细信息服务;
@自动连线
公共注册控制器(UserDetailsServiceImpl userDetailsService){
this.userDetailsService=userDetailsService;
}
@后映射(value=“/register”)
public ResponseEntity RegisterNewser(@Valid@RequestBody Users)引发EmailAlreadyExistsException{
Users usersDetails=userDetailsService.processRegistration(用户);
log.info(“{},信息:成功持久化新用户”,this.getClass().getSimpleName());
返回新的ResponseEntity(usersDetails,HttpStatus.OK);
}
}
我猜您是通过curl或postman调用url。然后必须禁用CSRF或使用GET映射
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(
request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
.anyRequest().authenticated()
);
}