未经授权的用户访问某些URL

时间:2018-07-16 11:46:30

标签: java spring-boot spring-security

我使用Oauth并想创建用户,但有错误

POST http://localhost:4200/proxy/user/createUser 401 (Unauthorized)

在春季,我有一些配置

@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/createUser", "/user/**", "/user/createUser", "proxy/user/createUser").permitAll();
        http.csrf().disable();
        http.formLogin().disable();
        http.authorizeRequests().anyRequest().authenticated();
    }
}

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/createUser", "/register", "/token", "/token/createUser", "proxy/user/createUser").permitAll();
        http.requestMatchers()
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated();
    }
}

要访问../createUser,需要进行哪些配置更改?

1 个答案:

答案 0 :(得分:2)

看起来像http.authorizeRequests().anyRequest().authenticated(),这在代码中造成了问题。只需将WebSecurity更改为

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
         .authorizeRequests().antMatchers("/createUser", "/user/**", "/user/createUser", "proxy/user/createUser")
         .permitAll()
         .formLogin().disable();

}}`

AND

ResourceServerConfig中将

更改为

http.authorizeRequests() .antMatchers("/createUser", "/register", "/token", "/token/createUser", "proxy/user/createUser") .permitAll();

有关详细信息,请参见Security-config