Question

嗨，我有两个网址，

但这些规则不起作用。

/r is spring.jersey.application-path

1.http://localhost:6080/r/helloauthrozied/1234
    Expected:I want to permit only users with ABCD roles
    Actual: Users with out these roles can also access
2.http://localhost:6080/r/hellonoauthrozied/1234
    Expected:Permit anonymous access. No Authentication is required
    Actual:Expecting Authnetication

有人可以帮助我。

我像这样制作了春季启动配置

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Autowired
  private ApiUserDetailsService userDetails;

  @Bean
  public ShaPasswordEncoder passwordEncoder() {
    return new ShaPasswordEncoder();
  }

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    ReflectionSaltSource salt = new ReflectionSaltSource();
    salt.setUserPropertyToUse("username");
    DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
    dao.setUserDetailsService(userDetails);
    dao.setPasswordEncoder(passwordEncoder());
    dao.setSaltSource(salt);
    auth.authenticationProvider(dao);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http
    .authorizeRequests()
         .antMatchers("/hellonoauthrozied/**").permitAll()
         .antMatchers("/helloauthrozied/**").hasAnyRole("ABCD")
    .anyRequest().authenticated().and().csrf().disable().httpBasic();
  }


}

Answer 1

尝试添加requestMatchers()这样的句子：

http
    .requestMatchers()
    .antMatchers("/hellonoauthrozied/**", "/helloauthrozied/**")
.and()
    .authorizeRequests()
    .antMatchers("/hellonoauthrozied/**")
        .permitAll() // or .anonymous() if you only want non-connected users
    .antMatchers("/helloauthrozied/**")
        .hasAnyRole("ABCD")
    .anyRequest()
        .authenticated()
        .and()
        .csrf().disable()
        .httpBasic();

具有上下文路径时，Spring Boot Rolebased访问和匿名访问

1 个答案: