我的Spring项目/public/signUser中有一个REST端点;我想在没有凭据的情况下授权此端点,以便允许创建用户。但是,如果我尝试对POST端点发出signUser请求,则会收到未经授权的错误。我想为此端点禁用身份验证。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Inject
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http .httpBasic().and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/public/signUser").permitAll()
.antMatchers("/public/hello", "/swagger-ui/**", "/api-docs/**").permitAll()
.antMatchers("/protected/**").authenticated()
.and()
.httpBasic()
.realmName("PlcManager")
.and()
.csrf()
.disable();
}
}