以下终点:
@RequestMapping(value = "/activated",method = RequestMethod.GET)
public GameHolder getAllGames(){
return gameService.getActivatedGames();
}
给我一些游戏,可以在没有令牌的情况下请求此路径(WebSecurityConifugurerAdapter):
@Override
public void configure(WebSecurity web) throws Exception {
//Add Paths which should be ignored by authentication
web.ignoring().antMatchers("/games/activated");
}
但是如果用户登录,我会调用userService并加载一些额外的数据,但现在的问题是,由于忽略()它完全忽略了身份验证,如何在提供令牌时输入身份验证?< / p>
我希望你明白我的意思
我的&#34; doFilterInternal&#34;看起来像:
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
final String authorization = httpServletRequest.getHeader("Authorization");
try{
if(authorization != null && !authorization.isEmpty() && authorization.toLowerCase().startsWith(tokenType.toLowerCase() + " ")){
String[] tokenTypeAndToken = authorization.split(" ");
final UserAuthentication tokenAuthentication = new UserAuthentication();
tokenAuthentication.setCredentials(tokenTypeAndToken[1]);
SecurityContextHolder.getContext().setAuthentication(authenticationManager.authenticate(tokenAuthentication));
}
else{
throw new HttpClientErrorException(HttpStatus.UNAUTHORIZED,"No token provided!");
}
filterChain.doFilter(httpServletRequest,httpServletResponse);
}
答案 0 :(得分:2)
尝试覆盖configure(HttpSecurity http),&amp;而不是忽略它,尝试permitAll。我使用的是与我类似的用例。
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/games/activated").permitAll()
}