任何人都可以帮助我,我现在已经为这些人扭曲了3天但是无法让它发挥作用。
API网关应用程序和安全配置和资源服务器:
@SpringBootApplication
@EnableZuulProxy
@EnableDiscoveryClient
public class Application {
/**
* This is where the application is bootstrapped.
*
* @param arguments the command line arguments
*/
public static void main(String... arguments) {
SpringApplication.run(Application.class, arguments);
}
}
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@Order(6)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.headers().disable()
.csrf().disable()
.authorizeRequests()
.antMatchers("/**").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers("/", "/webjars/**").permitAll()
.antMatchers("/xuath/login**", "/security/oauth/**", "/user/oauth/**").permitAll()
.antMatchers("/user/api/account**", "/user/api/account/**").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and()
.logout()
.logoutUrl("/xuath/logout")
.logoutSuccessUrl("/").permitAll()
.and()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
}
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**").authorizeRequests()
.anyRequest().authenticated()
.and()
.antMatcher("/admin/**").authorizeRequests()
.anyRequest().hasRole("ADMIN");
}
}
示例yml zuul路由:
zuul:
routes:
app-security:
path: /security/**
retryable: true
sensitive-headers:
strip-prefix: false
以下是app-security应用程序和安全配置以及资源服务器配置:
@SpringBootApplication
@EnableJpaAuditing
@EnableDiscoveryClient
public class Application {
/**
* This is used for method level validation.
*
* @return the {@link MethodValidationPostProcessor}
*/
@Bean
public MethodValidationPostProcessor methodValidationPostProcessor() {
return new MethodValidationPostProcessor();
}
/**
* This is where the application is bootstrapped.
*
* @param arguments the command line arguments
*/
public static void main(String... arguments) {
SpringApplication.run(Application.class, arguments);
}
}
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
/**
* {@inheritDoc }
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/oauth/**").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}
}
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
/**
* {@inheritDoc }
*/
@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**").authorizeRequests()
.anyRequest().authenticated();
}
}
当我在成功验证后尝试从浏览器请求以下url localhost:80 / security / oauth / me时,它将返回当前登录用户的json响应。但是当我尝试使用$http.get()在我的AngularJS应用程序中使用它时,它返回404未找到。为什么呢?
以下是我的AngularJS控制器:
duyogApp.controller 'loginCtrl', ['$scope', ($scope) ->
$http.get('http://localhost:80/security/oauth/me').then (d) ->
console.log d.data
]