如何在Spring Security OAuth-2 Rest应用程序中的特定URL中允许公共访问。
我的所有网址都以/rest/**安全开头,但我希望公开/rest/about,因此我不需要用户进行身份验证即可访问它。我尝试使用permitAll(),但它仍然需要请求中的令牌。这是我的HttpSecurity配置:
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/rest/about").permitAll()
.antMatchers("/rest/**").authenticated()
;
}
}
对/rest/about的GET请求仍会返回401 Unauthorized - "error":"unauthorized","error_description":"Full authentication is required to access this resource"
答案 0 :(得分:26)
找到答案。我只需要添加anonymous():
public void configure(HttpSecurity http) throws Exception {
http
.anonymous().and()
.authorizeRequests()
.antMatchers("/rest/about").permitAll()
.antMatchers("/rest/**").authenticated()
;
}