Not able to call "/signup" post method using oauth2 configuration. Could you please let me know what wrong am doing?
我能够生成令牌但是要访问我需要提供标头令牌的单身网址。我希望singup url可以在不提供访问令牌的情况下访问任何人。
Below is my config for oauth2 resource server:
@Configuration
protected static class ResourceServer extends WebSecurityConfigurerAdapter {
// configuration for httpsecurity
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
.authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
.and()
.anonymous().disable()
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
.accessDeniedHandler(new OAuth2AccessDeniedHandler());
// @formatter:on
}
}
// WebSecurityConfigurerAdapter
@Configuration
//@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Autowired
public UserDetailsService userDetailsService() {
return new UserDetailsServiceImpl();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
protected AccessDeniedHandler accessDeniedHandler() {
return new OAuth2AccessDeniedHandler();
}
@Bean
public AuthenticationEntryPoint authenticationEntryPoint() {
return new OAuth2AuthenticationEntryPoint();
}
@Bean(name = "myAuthenticationManager")
@Autowired
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/webjars/**", "/images/**",
"/oauth/uncache_approvals", "/oauth/cache_approvals");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(
passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//过滤出注册请求映射
http
.authorizeRequests().antMatchers("/signup").permitAll().and()
// default protection for all resources (including /oauth/authorize)
.authorizeRequests()
.anyRequest().authenticated();
// ... more configuration, e.g. for form login
}
}