在Springboot安全应用程序中公开不安全的Restful端点

时间:2014-09-16 21:55:36

标签: spring-security spring-boot

我想在Springboot安全应用程序中公开一个不安全的Restful端点。 GET请求到端点/ api / notify工作,但POST请求导致403.如何配置以便远程客户端可以从服务器POST / api / notify?

我的扩展WebSecurityConfigurerAdapter如下所示:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers("/signup").permitAll()
        .antMatchers("/reset").permitAll()
        .antMatchers("/api/notify").permitAll()
        .anyRequest().authenticated();
    http
        .formLogin()
            .defaultSuccessUrl("/home")
        .failureUrl("/login?error")
        .loginPage("/login")
        .permitAll()
        .and()
        .logout()
        .permitAll();
}

2 个答案:

答案 0 :(得分:4)

我认为这就是你要找的东西:

@Configuration
@EnableWebMvcSecurity
public class SecurityCtxConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers(HttpMethod.POST,
                        "<YOUR URL>");
    }

答案 1 :(得分:0)

我建议你尝试以下配置:

protected void configure(HttpSecurity http) throws Exception {
    //This reads, invoke this configuration only when
    //the pattern "/api/notify" is found.
    //When this configuration is invoked, restrict access,
    //disable CSRF, and if the path matches "/api/notify" permit all.
    http.antMatcher("/api/notify")
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/notify")
        .permitAll();

    //Your other configuration...
    http
        .authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers("/signup").permitAll()
        .antMatchers("/reset").permitAll()
        .anyRequest().authenticated();
    http
        .formLogin()
            .defaultSuccessUrl("/home")
        .failureUrl("/login?error")
        .loginPage("/login")
        .permitAll()
        .and()
        .logout()
        .permitAll();
}
相关问题
最新问题