I implemented spring security in my web application. Now all my services are secured and can be only invoked by authorised users. Everything works on webside, but when I call function without log in doesn't work.
here is my Controller(RestController)
Private Sub PrintReport()
Try
Dim sPath As String = Request.PhysicalApplicationPath.ToString() + "ReportOutput\"
Dim command As String = """" + sPath + "SumatraPDF.exe"" -print-to """ + Me.Printer + """ """ + sPath + Me.Report + """ -print-settings ""fit"" "
//command looks like:
//"C:\Dev\Project\ReportOutput\SumatraPDF.exe" -print-to "\\Network\My Printer" "C:\Dev\Project\ReportOutput\card1.pdf" -print-settings "fit"
Shell(command)
Catch ex As Exception
Logger.LogError(ex)
End Try
End Sub
I am using angularjs client side.
答案 0 :(得分:0)
这些功能不应该起作用,因为它们受弹簧安全保护。要允许匿名访问某些函数,您需要配置spring security以执行此操作。 根据您使用的配置,我建议如下: 如果您使用基于XML / Java路由的配置,我建议您执行以下操作:
<security:intercept-url pattern="/trusted/**" filters="none" />
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
如果您使用@PreAuthorize注释,我建议您执行以下操作:
@PreAuthorize("permitAll()")
public void YourAnonymousController(){
}
希望这就是你要找的东西。
编辑1:请注意,您删除了基于路由的安全配置。尝试在要保持安全的函数上添加@PreAuthorize(&#34; hasRole()&#34;),并在匿名函数上添加@PreAuthorize(&#34; permitAll()&#34;)。