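Spring Security authorization for desired requests

Time: 2016-01-09 02:57:03

Tags: java spring security spring-mvc

I am trying to get a reset/password URL working with my Spring Security setup. Whenever I call this URL, I get a 401.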

http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

http.exceptionHandling()
        .authenticationEntryPoint(new RestAuthenticationEntryPoint());


http.authorizeRequests()
        .antMatchers("/api/**").authenticated();

http.authorizeRequests()
        .antMatchers(HttpMethod.GET, "/api/password/reset").permitAll();

http.authorizeRequests()
        .antMatchers(HttpMethod.POST, "/api/login").permitAll();


http.addFilterBefore(new StatelessLoginFilter("/api/login", tokenAuthenticationService, userDetailsService, authenticationManager()), UsernamePasswordAuthenticationFilter.class);
http.addFilterAfter(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);

http.formLogin()
        .loginPage("/login").permitAll();

http.logout()
        .deleteCookies("remove")
        .invalidateHttpSession(true)
        .logoutUrl("/api/logout");

Why does Spring throw a 401?

Thanks a lot

Justin

2 answers:

Answer 0: (score: 0)

Is the user authenticated? Your configuration says this:

 http.authorizeRequests()
        .antMatchers("/api/**").authenticated();

I would move the reset to the unauthenticated part:

http.authorizeRequests()
        .antMatchers(HttpMethod.GET, "/api/password/reset").permitAll();

Answer 1: (score: 0)

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/api/password/reset");
}
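
An added example, not part of the original question or either answer: the question's authorization rules reordered so that the specific `permitAll()` matchers are declared before the `/api/**` catch-all, since Spring Security evaluates `authorizeRequests()` matchers in declaration order and the first match decides. The class name `OrderedRulesSecurityConfig` is hypothetical, and the asker's custom filters, entry point, form login and logout settings are assumed unchanged and left out.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical class name; the matchers themselves are the ones from the question.
@Configuration
@EnableWebSecurity
public class OrderedRulesSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Matchers are checked top to bottom and the first one that matches
        // the request wins. In the question, "/api/**" was registered first,
        // so it also matched GET /api/password/reset and required
        // authentication before the permitAll() rule was ever consulted.
        http.authorizeRequests()
                // Most specific rules first: open only the exact method + path.
                .antMatchers(HttpMethod.GET, "/api/password/reset").permitAll()
                .antMatchers(HttpMethod.POST, "/api/login").permitAll()
                // Catch-all last: everything else under /api needs a login.
                .antMatchers("/api/**").authenticated();

        // The asker's filters, entry point, formLogin() and logout() calls
        // from the question would follow here unchanged (omitted).
    }
}
```

Unlike `web.ignoring()`, a `permitAll()` rule keeps the request inside the security filter chain, so the chain's other filters and default response headers still apply to the reset endpoint. Restricting the rule to `HttpMethod.GET` also means other HTTP methods on that path still fall through to the authenticated catch-all.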