我已经配置了spring boot和jwt。当我从邮递员那里调用/ authenticate / login时,它会按预期被忽略并生成一个jwt令牌。当我从swagger-ui.html调用相同的API时,不会忽略该请求。相反,将为jwt令牌处理它并返回401异常。
http.cors()
.and()
.csrf()enter code here
.disable()
.authorizeReques`enter code here`ts()
.antMatchers("/v2/api-docs/**").permitAll()
.antMatchers("/swagger-resources/configuration/ui").permitAll()
.antMatchers("/swagger-ui.html").permitAll()
.antMatchers("/webjars/springfox-swagger-ui/**").permitAll()
.antMatchers("/swagger-resources**").permitAll()
.antMatchers("/swagger.json").permitAll()
.antMatchers("/swagger-resources/configuration/security").permitAll()
.antMatchers("/authenticate/*", "/user/forgotpassword").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
下面是我昂首阔步的配置代码:
@Configuration
@EnableSwagger2
@Profile("!prod")
public class SwaggerConfig {
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.any())
.build()
.enable(true)
.securitySchemes(Arrays.asList(apiKey()));
}
@Bean
SecurityConfiguration security() {
return new SecurityConfiguration(null, null, null, null, "Bearer access_token", ApiKeyVehicle.HEADER,
SecurityConstants.AUTHORIZATION_HEADER, ",");
}
private ApiKey apiKey() {
return new ApiKey("Authorization", "Authorization", "header");
}
}
招摇和邮递员使用相同的网址,但行为不同。 是什么导致这种奇怪的行为?