如何在spring boot中禁用特定URL的安全筛选器
嗨,我为我的项目添加了rest web服务..当我在没有登录到我的帐户的情况下调用rest服务时,我的rest服务重定向到登录页面。。。如何仅为web服务URL删除此功能。。。。其他URL需要使用此安全性 这是我的安全配置如何在spring boot中禁用特定URL的安全筛选器,spring,spring-boot,spring-security,jax-rs,Spring,Spring Boot,Spring Security,Jax Rs,嗨,我为我的项目添加了rest web服务..当我在没有登录到我的帐户的情况下调用rest服务时,我的rest服务重定向到登录页面。。。如何仅为web服务URL删除此功能。。。。其他URL需要使用此安全性 这是我的安全配置 package lk.slsi.security.configuration; import lk.slsi.security.services.AuthenticationService; import org.apache.logging.log4j.LogManage
package lk.slsi.security.configuration;
import lk.slsi.security.services.AuthenticationService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
/**
* Created by ignotus on 1/26/2017.
*/
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger logger = LogManager.getLogger(SecurityConfiguration.class);
@Autowired
private AuthenticationService authenticationService;
private RequestMatcher requestMatcher = new RequestMatcher() {
private AntPathRequestMatcher[] disableCsrfMatcher = {
new AntPathRequestMatcher("*/**")
};
@Override
public boolean matches(HttpServletRequest httpServletRequest) {
for (AntPathRequestMatcher match : disableCsrfMatcher) {
if (match.matches(httpServletRequest)) {
return false;
}
}
return true;
}
};
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/restservice/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/view/public/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and().logout().invalidateHttpSession(true)
.permitAll().logoutSuccessUrl("/");
http.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
ShaPasswordEncoder encoder = new ShaPasswordEncoder(224);
try {
auth.userDetailsService(authenticationService).passwordEncoder(encoder);
} catch (Exception e) {
logger.error("Error Occurred while authentication. [{}]", e);
}
}
}
这是我的rest服务配置类(JAX-RS)
这是我的rest服务控制器
@Path("getby")
public class webServiceforCustoms {
@Autowired
private permitServices permitServices;
/**
* Creates a new instance of GenericResource
*/
public webServiceforCustoms() {
}
/**
* Retrieves representation of an instance of lk.slsi.GenericResource
*
* @param id
* @return an instance of java.lang.String
*/
@GET
@Produces(MediaType.APPLICATION_XML)
@Path("/date/{dtIssue}")
public List<CustomsPermit> getXmlbyDate(@PathParam("dtIssue") String dtIssue) {
List<CustomsPermit> permitRelease = permitServices.getPermitByDate(dtIssue);
return permitRelease;
}
@GET
@Produces(MediaType.APPLICATION_XML)
@Path("/id/{SNumber}")
public CustomsPermit getXmlbyEntryNo(@PathParam("SNumber") String SNumber) {
CustomsPermit permitRelease = permitServices.getPermitBySNumber(SNumber);
return permitRelease;
}
@GET
@Produces(MediaType.APPLICATION_XML)
@Path("/vatno/{importerVAT}")
public List<CustomsPermit> getXmlbyVATNo(@PathParam("importerVAT") String importerVAT) {
List<CustomsPermit> permitRelease = permitServices.getPermitByImporterVAT(importerVAT);
return permitRelease;
}
/**
* PUT method for updating or creating an instance of GenericResourcer
*
* @param content representation for the resource
*/
@PUT
@Consumes(MediaType.APPLICATION_XML)
public void putXml(String content) {
}
}
@Path(“getby”)
公共类WebServiceCircustoms{
@自动连线
私人许可服务许可服务;
/**
*创建GenericResource的新实例
*/
公共Web服务Circustoms(){
}
/**
*检索lk.slsi.GenericResource实例的表示形式
*
*@param-id
*@返回java.lang.String的实例
*/
@得到
@生成(MediaType.APPLICATION\u XML)
@路径(“/date/{dtIssue}”)
公共列表getXmlbyDate(@PathParam(“dtIssue”)字符串dtIssue){
List permitRelease=permitServices.getPermitByDate(dtIssue);
归还许可证租赁;
}
@得到
@生成(MediaType.APPLICATION\u XML)
@路径(“/id/{SNumber}”)
public custompermit getXmlbyEntryNo(@PathParam(“SNumber”)字符串SNumber){
custompermit permitRelease=permitServices.getPermitBySNumber;
归还许可证租赁;
}
@得到
@生成(MediaType.APPLICATION\u XML)
@路径(“/vatno/{importerVAT}”)
公共列表getXmlbyVATNo(@PathParam(“importerVAT”)字符串importerVAT){
List permitRelease=permitServices.getPermitByImporterVAT(importerVAT);
归还许可证租赁;
}
/**
*更新或创建GenericResourcer实例的PUT方法
*
*@param资源的内容表示形式
*/
@放
@使用(MediaType.APPLICATION_XML)
公共void putXml(字符串内容){
}
}
从配置中删除此项并添加此项
.antMatchers("/restservice/**"").permitAll()
请回答您的问题,并将代码设置为a。1. <代码>请求匹配程序从未在代码中使用。2.您的REST控制器似乎处于/TransferPermit/SlsitoCustoms/getby
下。在哪里配置路径/restservice
?3. <代码>在您的配置中尝试
和捕获
不需要全局,这不是实际进行身份验证的地方。这只是配置。
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/restservice/**");
}
.antMatchers("/restservice/**"").permitAll()