Spring Boot role-based access and anonymous access when there is a context path

Date: 2017-06-15 08:37:32

Tags: spring spring-boot

Hi, I have two URLs,

but these rules are not working.

/r is spring.jersey.application-path

1. http://localhost:6080/r/helloauthrozied/1234
    Expected: I want to permit only users with ABCD roles
    Actual: Users without these roles can also access
2. http://localhost:6080/r/hellonoauthrozied/1234
    Expected: Permit anonymous access. No authentication is required
    Actual: Expecting authentication

Can someone help me?

I made the Spring Boot configuration like this:

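import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.dao.ReflectionSaltSource;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration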
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Autowired
  private ApiUserDetailsService userDetails;

  @Bean
  public ShaPasswordEncoder passwordEncoder() {
    return new ShaPasswordEncoder();
  }

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    ReflectionSaltSource salt = new ReflectionSaltSource();
    salt.setUserPropertyToUse("username");
    DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
    dao.setUserDetailsService(userDetails);
    dao.setPasswordEncoder(passwordEncoder());
    dao.setSaltSource(salt);
    auth.authenticationProvider(dao);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http
    .authorizeRequests()
         .antMatchers("/hellonoauthrozied/**").permitAll()
         .antMatchers("/helloauthrozied/**").hasAnyRole("ABCD")
    .anyRequest().authenticated().and().csrf().disable().httpBasic();
  }


}

1 answer:

Answer 0 (score: 0)

Try adding a requestMatchers() clause like this:

http
    .requestMatchers()
    .antMatchers("/hellonoauthrozied/**", "/helloauthrozied/**")
    .and()
    .authorizeRequests()
    .antMatchers("/hellonoauthrozied/**")
        .permitAll() // or .anonymous() if you only want non-connected users
    .antMatchers("/helloauthrozied/**")
        .hasAnyRole("ABCD")
    .anyRequest()
        .authenticated()
        .and()
        .csrf().disable()
        .httpBasic();
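
An added example (not part of the question or the answer): it checks which of the posted patterns Spring Security's AntPathRequestMatcher matches for the two URLs, since that matcher compares against the servlet path plus path info. It assumes Jersey is served by a servlet mapped to /r/*; the class name MatcherPathCheck, its helper methods and the /r-prefixed patterns are illustrative, and it needs spring-security-web, spring-test and the servlet API on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

public class MatcherPathCheck {

  // First matching pattern wins, in declaration order, as in authorizeRequests().
  static String firstMatch(Map<String, String> rules, MockHttpServletRequest request) {
    for (Map.Entry<String, String> rule : rules.entrySet()) {
      if (new AntPathRequestMatcher(rule.getKey()).matches(request)) {
        return rule.getValue();
      }
    }
    return "no rule";
  }

  // Constructed request. Assumption: Jersey is served by a servlet mapped to /r/*,
  // so the container reports servletPath "/r" and the resource path as pathInfo.
  static MockHttpServletRequest jerseyRequest(String resourcePath) {
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "/r" + resourcePath);
    request.setServletPath("/r");
    request.setPathInfo(resourcePath);
    return request;
  }

  // The three rules from the question, with an optional prefix on the two URL patterns.
  static Map<String, String> rules(String prefix) {
    Map<String, String> rules = new LinkedHashMap<>();
    rules.put(prefix + "/hellonoauthrozied/**", "permitAll");
    rules.put(prefix + "/helloauthrozied/**", "hasAnyRole(ABCD)");
    rules.put("/**", "authenticated"); // stands in for anyRequest().authenticated()
    return rules;
  }

  public static void main(String[] args) {
    String[] paths = {"/hellonoauthrozied/1234", "/helloauthrozied/1234"};
    for (String path : paths) {
      MockHttpServletRequest request = jerseyRequest(path);
      System.out.println("/r" + path
          + " | patterns as posted: " + firstMatch(rules(""), request)
          + " | patterns prefixed with /r: " + firstMatch(rules("/r"), request));
    }
  }
}
```

A rule that falls through to the catch-all only requires authentication, which is the behaviour reported for both URLs in the question.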