我想知道是否可以访问所有用户的特定网址? 我有一个休息控制器:
@RestController
@RequestMapping("/travel/")
public class TravelController {
@RequestMapping(value = { "/" }, method = { RequestMethod.POST })
public String newTravel(HttpEntity<String> httpEntity)
{
...
return null;
}
@RequestMapping(value = { "/follow/{travelId}/{email}/" }, method = { RequestMethod.POST })
public ResponseEntity<String> followTravel(@PathVariable int travelId,@PathVariable String email, HttpEntity<String> httpEntity)
{
...
}
我想限制所有POST对经过身份验证的用户的访问权限,但是会向所有用户授权followTravel()。
我的安全配置是:
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.csrf() //
.disable() //
.authorizeRequests() //
.antMatchers(HttpMethod.POST, "/travel/follow/**") // permit all POST to authenticated
.anonymous() //
.antMatchers(HttpMethod.POST, "/**") // permit all POST to authenticated
.authenticated() //
.antMatchers(HttpMethod.PUT, "/**") // permit all PUT to authenticated
.authenticated() //
.antMatchers(HttpMethod.DELETE, "/**") // permit all DELETE to authenticated
.authenticated() //
.anyRequest() //
.permitAll() //
.and() //
.httpBasic() //
.and() //
.sessionManagement() //
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
我尝试了设置
.antMatchers(HttpMethod.POST, "/travel/follow/**") // permit all POST to authenticated
.anonymous() //
之前或之后
.antMatchers(HttpMethod.POST, "/**") // permit all POST to authenticated
.authenticated() //
但没有成功。我通常会在SO中找到答案,但对于这个答案却没有。
由于
答案 0 :(得分:0)
你试过了吗?
.antMatchers(HttpMethod.POST, YOUR_FINAL_STATIC_STRING_URL).permitAll();
答案 1 :(得分:0)
我发现错误,配置正确,但安全性没有正确定义,有2个类扩展了WebSecurityConfigurerAdapter,而我修改的那个类从未被读过。