Spring 禁用某些方法的身份验证
当我包含以下依赖项时,Spring要求对所有rest请求进行身份验证Spring 禁用某些方法的身份验证,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,当我包含以下依赖项时,Spring要求对所有rest请求进行身份验证 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> org.springframework.boot 弹簧启
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
org.springframework.boot
弹簧启动安全
我的pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myapp</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>MyApp</name>
<description></description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.4.2.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
4.0.0
com.mycompany
myapp
0.0.1-快照
罐子
MyApp
org.springframework.boot
spring启动程序父级
1.4.2.1发布
UTF-8
UTF-8
1.8
org.springframework.boot
spring引导启动器数据jpa
org.springframework.boot
弹簧启动安全
org.springframework.boot
SpringBootStarterWeb
org.postgresql
postgresql
运行时
org.springframework.boot
弹簧起动试验
测验
org.springframework.boot
springbootmaven插件
My UserController.java
@RestController
@RequestMapping("/users")
public class UserController {
@Autowired
UserService us;
@RequestMapping("/all")
public Hashtable<String, User> getAll() {
return us.getAll();
}
@RequestMapping("{id}")
public User getPerson(@PathVariable("id") String id) {
return us.getPerson(id);
}
@RequestMapping(method = RequestMethod.POST)
public void registerNewUser() {
us.registerNewUser();
}
}
@RestController
@请求映射(“/users”)
公共类用户控制器{
@自动连线
用户服务我们;
@请求映射(“/all”)
公共哈希表getAll(){
返回us.getAll();
}
@请求映射(“{id}”)
公共用户getPerson(@PathVariable(“id”)字符串id){
返回us.getPerson(id);
}
@RequestMapping(method=RequestMethod.POST)
公共无效注册表ernewuser(){
美国注册商Wuser();
}
}
如何禁用
registerNewUser()
方法的身份验证?它是用于注册用户的,我不希望对该方法进行任何身份验证。您需要一个安全配置类,从那里可以显式限制该行为。例如:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/users/**").authenticated()
.antMatchers(HttpMethod.POST, "/users").permitAll();
}
}
我在org.springframework.security.samples.config包下创建了这个类,但在响应正文中我仍然未经授权。您可以确保应用程序正确扫描了配置并连接了它吗?当Spring启动时,日志中没有提到“SecurityConfig”。我还尝试在configure方法上方添加@Autowired