我有一个Jersey Rest网络服务,处理个人账户CRUD 我有spring security + oAuth2来保护这个api,我无法配置的是,我想匿名创建Account创建方法。我试图配置拦截网址,但它不适用于方法级别。所以我需要为此目的编写单独的类,否则我可以实现它。
示例类代码
public class AccountResource{
createAccount() --- I want this method to be accessed by Anonymous uers so they can create account without generating tokens.
updateAccount() --
findAccount() --
deleteAccont()--
}
配置代码,保护所有来自'/ services / rest / **'
的所有来电<http pattern="/services/rest/**" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<intercept-url pattern="/services/rest/**" method="GET" access="ROLE_USER" />
<intercept-url pattern="/services/rest/**" method="POST" access="ROLE_USER" />
<intercept-url pattern="/services/rest/**" method="PUT" access="ROLE_USER" />
<intercept-url pattern="/services/rest/**" method="DELETE" access="ROLE_USER" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
答案 0 :(得分:1)
如何将安全配置中POST请求的配置更改为:
<intercept-url pattern="/services/rest/**" access="permitAll" method="POST" />