我有两个服务器:授权和资源,如果我使用Bearer access_token作为我的资源服务器但是我需要匿名访问某些端点(即http://localhost:8080/games但不是{{} 1}})。如何制作?
现在,我试图允许匿名访问所有端点进行测试,但它不起作用。在我的配置下面:
http://localhost:8080/games/new我的@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID = "virto";
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID);
resources.tokenServices(tokenService());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.anonymous()
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated();
}
@Primary
@Bean
public RemoteTokenServices tokenService() {
final String url = ServerConfig.USERS_HOST + "/oauth/check_token";
RemoteTokenServices tokenService = new RemoteTokenServices();
tokenService.setCheckTokenEndpointUrl(url);
tokenService.setClientId("virto");
tokenService.setClientSecret("secret");
return tokenService;
}
}
课程:
Application现在,如果我尝试访问某个没有访问令牌的端点,我将在浏览器中收到下一条消息:
@SpringBootApplication
@EnableKafka
@EnableAutoConfiguration
public class Application {
public static void main(String[] args) {
ApplicationContext ctx = SpringApplication
.run(Application.class, args);
DispatcherServlet dispatcherServlet = (DispatcherServlet)ctx
.getBean("dispatcherServlet");
dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);
}
}