您好我为我的项目添加了休息网络服务..当我在没有登录我的帐户的情况下拨打休息服务时,我的休息服务重定向到登录页面...如何仅为网络服务URL删除此功能.. ..其他网址需要这种安全性....
这是我的安全配置
package lk.slsi.security.configuration;
import lk.slsi.security.services.AuthenticationService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
/**
* Created by ignotus on 1/26/2017.
*/
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger logger = LogManager.getLogger(SecurityConfiguration.class);
@Autowired
private AuthenticationService authenticationService;
private RequestMatcher requestMatcher = new RequestMatcher() {
private AntPathRequestMatcher[] disableCsrfMatcher = {
new AntPathRequestMatcher("*/**")
};
@Override
public boolean matches(HttpServletRequest httpServletRequest) {
for (AntPathRequestMatcher match : disableCsrfMatcher) {
if (match.matches(httpServletRequest)) {
return false;
}
}
return true;
}
};
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/restservice/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/view/public/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and().logout().invalidateHttpSession(true)
.permitAll().logoutSuccessUrl("/");
http.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
ShaPasswordEncoder encoder = new ShaPasswordEncoder(224);
try {
auth.userDetailsService(authenticationService).passwordEncoder(encoder);
} catch (Exception e) {
logger.error("Error Occurred while authentication. [{}]", e);
}
}
}
这是我的休息服务配置类(JAX-RS)
@ApplicationPath("TransferPermit/SlsitoCustoms/")
public class restConfig extends Application{
}
这是我的休息服务控制器
@Path("getby")
public class webServiceforCustoms {
@Autowired
private permitServices permitServices;
/**
* Creates a new instance of GenericResource
*/
public webServiceforCustoms() {
}
/**
* Retrieves representation of an instance of lk.slsi.GenericResource
*
* @param id
* @return an instance of java.lang.String
*/
@GET
@Produces(MediaType.APPLICATION_XML)
@Path("/date/{dtIssue}")
public List<CustomsPermit> getXmlbyDate(@PathParam("dtIssue") String dtIssue) {
List<CustomsPermit> permitRelease = permitServices.getPermitByDate(dtIssue);
return permitRelease;
}
@GET
@Produces(MediaType.APPLICATION_XML)
@Path("/id/{SNumber}")
public CustomsPermit getXmlbyEntryNo(@PathParam("SNumber") String SNumber) {
CustomsPermit permitRelease = permitServices.getPermitBySNumber(SNumber);
return permitRelease;
}
@GET
@Produces(MediaType.APPLICATION_XML)
@Path("/vatno/{importerVAT}")
public List<CustomsPermit> getXmlbyVATNo(@PathParam("importerVAT") String importerVAT) {
List<CustomsPermit> permitRelease = permitServices.getPermitByImporterVAT(importerVAT);
return permitRelease;
}
/**
* PUT method for updating or creating an instance of GenericResourcer
*
* @param content representation for the resource
*/
@PUT
@Consumes(MediaType.APPLICATION_XML)
public void putXml(String content) {
}
}
答案 0 :(得分:1)
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/restservice/**");
}
从configure中删除它并添加此
.antMatchers("/restservice/**"").permitAll()