我正在使用Angular和Spring Boot来构建具有Rest API的单页应用程序。这是我的配置:
@SpringBootApplication
@EnableOAuth2Sso
public class AppConfig extends SpringBootServletInitializer implements ApplicationContextAware {
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(AppConfig.class);
}
public static void main(String[] args) {
ApplicationContext appContext = SpringApplication.run(AppConfig.class);
context = appContext;
}
@Configuration
protected static class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/healthcheck", "/").permitAll()
.antMatchers("/api/**").authenticated()
.anyRequest().authenticated();
}
}
}
我使用的SSO服务由Pivotal Cloud Foundry [PCF]提供。在我加入之前一切都很好
SecurityConfig
类。加载应用程序后,用户将立即重定向到SSO登录页面,然后重定向回应用程序。但我需要排除" healthcheck"来自身份验证的URL这就是我加入SecurityConfig类的原因。但现在SSO身份验证根本不起作用。我只能达到/ healthcheck。
我按照这个例子https://spring.io/guides/tutorials/spring-boot-oauth2/
有人可以告诉我我的代码有什么问题吗?
感谢。
答案 0 :(得分:1)
我明白了。我不得不将我的EnableOAuth2Sso移动到WebSecurityConfigurerAdapter。像这样:
@SpringBootApplication
public class AppConfig extends SpringBootServletInitializer implements ApplicationContextAware {
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(AppConfig.class);
}
public static void main(String[] args) {
ApplicationContext appContext = SpringApplication.run(AppConfig.class);
context = appContext;
}
@Configuration
@EnableOAuth2Sso
protected static class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/healthcheck", "/").permitAll()
.antMatchers("/api/**").authenticated()
.anyRequest().authenticated();
}
}
}