我将zuul代理用于路由,并为此添加了JWT身份验证。我已指定要跳过具有授权的API,例如(/ auth),但是我无法调用相同的API,因为我也为允许的URL获取了401。
以下是代码段。
实现WebSecurityConfigurerAdapter的类
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
.and()
.addFilterAfter(new JwtTokenAuthenticationFilter(jwtConfig), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/auth/**").permitAll()
.antMatchers("/ping").permitAll()
.antMatchers("/login/**").permitAll()
.antMatchers("/signup/**").permitAll()
.anyRequest().authenticated();
}
还有我的application.properties文件如下所示
server.port=8762
spring.application.name=zuul-server
eureka.client.service-url.default-zone=http://localhost:8761/eureka/
# A prefix that can added to beginning of all requests.
zuul.prefix=/api
# Disable accessing services using service name (i.e. gallery-service).
# They should be only accessed through the path defined below.
zuul.ignored-services=*
# Map paths to services
zuul.routes.user-service.path=/users/**
zuul.routes.user-service.service-id=user-service
zuul.routes.user-service.sensitive-headers=Cookie,Set-Cookie
# Map path to auth service
zuul.routes.auth-service.path=/auth/**
zuul.routes.auth-service.service-id=auth-service
zuul.routes.auth-service.strip-prefix=false
# Exclude authorization from sensitive headers
zuul.routes.auth-service.sensitive-headers=Cookie,Set-Cookie
但是我无法点击/ ping或/ login或/ auth API都给出401。
有人可以帮我吗?
提前谢谢!!!