我正在使用Spring Security,这是我在configure中的WebSecurityConfig方法,扩展了WebSecurityConfigurerAdapter。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class);
http.requestMatchers().antMatchers(HttpMethod.OPTIONS, "/oauth/token", "/oauth/revoke-token", "/api/**")
.and()
.requestMatchers().antMatchers(HttpMethod.GET, "/swagger-ui.html","/configuration/**", "/v2/api-docs/**")
.and()
.csrf().disable()
.authorizeRequests().anyRequest().permitAll()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
问题是,当我使用该URL http://localhost:5050/api/request进行GET请求调用时,我得到了正确的响应。
但是,当我在http://localhost:5050/api/role上进行GET操作时,我得到了401 unauthorized error - Full authentication is required to access this resource.
我不明白我在做什么错。
更新
我仍然不知道问题出在哪里,但是我在进行API调用时将其添加到了Angular 4项目中。
let headers = new Headers({
'Authorization': 'Bearer ' + localStorage.getItem('access_token'),
'Content-Type': 'application/json; charset=utf-8'
});
let options = new RequestOptions({ headers: headers });
return this.http.get(AppSettings.API_ENDPOINT + 'api/role/', options)
.map((response) => response.json());