我正在使用Spring Security。我有一个Controller,其中任何用户都可以访问某些方法,无论他是否经过身份验证,某些方法必须只能访问使用JWT令牌进行身份验证的用户。我已经使用acces =“permitAll()”配置了一些paterns,但它似乎无法工作。如果我尝试访问localhost:8080 / app-of-app / services / public /我得到的401,我在MobileJWTAuthenticationEntryPoint.commence方法中返回。你能帮助我吗?
这是我的context.xml:
<security:global-method-security pre-post-annotations="enabled"/>
<security:http entry-point-ref="mobileJWTAuthenticationEntryPoint"
authentication-manager-ref="mobileJWTAuthenticationManager"
create-session="stateless"
use-expressions="true">
<security:custom-filter ref="mobileJWTAuthenticationFilter" position="FORM_LOGIN_FILTER" />
<security:intercept-url pattern="/services/public/**" access="permitAll()"/>
<security:intercept-url pattern="/services/restAPI/**" access="isAuthenticated()" />
</security:http>
<bean id="mobileJWTAuthenticationEntryPoint" class="co.amleto.server.services.security.MobileJWTAuthenticationEntryPoint"/>
<bean id="mobileJWTAuthenticationFilter" class="co.amleto.server.services.security.MobileJWTAuthenticationFilter" >
<constructor-arg name="authenticationManager" ref="mobileJWTAuthenticationManager"/>
<constructor-arg name="entryPoint" ref="mobileJWTAuthenticationEntryPoint"/>
</bean>
<bean id="mobileJWTAuthenticationProvider" class="co.amleto.server.services.security.MobileJWTAuthenticationProvider"/>
<security:authentication-manager alias="mobileJWTAuthenticationManager">
<security:authentication-provider ref="mobileJWTAuthenticationProvider"/>
</security:authentication-manager>
编辑:我的整个代码的灵感来自:http://massimilianosciacco.com/spring-security-jwt-authentication。在AuthenticationFilter中,我用返回切换了抛出。现在,无论我点击哪个网址,我都会得到空白页。
答案 0 :(得分:0)
问题解决了。正如我在编辑中提到的,我的代码基于OP中添加的链接的解决方案。自定义过滤器有错误的代码:在每种情况下抛出异常。解决方案是调用chain.doFilter(request,response)并从doFilter方法返回以允许匿名url调用。