我想禁用特定端点的安全性,以便我可以调用Controller。不幸的是,当我拨打电话时,我得到一个304(我在Chrome的开发者工具中看到它),我被重定向到React前端,忽略了我的控制器端点
@EnableWebSecurity
@Configuration
@EnableOAuth2Sso
@EnableRedisHttpSession
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login*").permitAll()
.and().anonymous()
.disable()
.exceptionHandling()
.defaultAuthenticationEntryPointFor(new Http401AuthenticationEntryPoint(""), new AntPathRequestMatcher("/api/ **"))
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout()
.logoutUrl("/logout")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.invalidateHttpSession(true)
.logoutSuccessUrl(ssoLogoutUrl)
.and()
.csrf()
.csrfTokenRepository(withHttpOnlyFalse());
}
}
@SpringBootApplication
@EnableZuulProxy
@EnableDiscoveryClient
@Import({AuthUserDetailService.class, GatewayWebSecurityConfig.class, VccLoginController.class})
public class GatewayApplication {
public static void main(String[] args) {
new SpringApplicationBuilder(GatewayApplication.class).run(args);
}
}
@Controller
public class LoginController {
@RequestMapping("/login")
public String login(Model model) {
return "login.html";
}
}
答案 0 :(得分:0)
尝试这样的事情:
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers("/login/**").permitAll()
.anyRequest().authenticated();
请注意,我已经允许每个端点的选项请求(因为在POST和PUT请求之前反应会利用它们)并且我已将登录路径正则表达式更改为/login/**。