我有这些链接,我想使用它们来获取未经身份验证的数据:
GET http://localhost:8080/web_payment/wpf/3jeglsv7e5umcmz7e4b9wa6tq61v3q7a
POST http://localhost:8080/web_payment/en/payment/1234566666
我尝试使用此Spring Security配置:
@Configuration
@EnableWebSecurity
@Import(value = { Application.class, ContextDatasource.class })
@ComponentScan(basePackages = { "org.datalis.web.payment.server.*" })
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthEntryPoint authenticationEntryPoint;
@Autowired
MerchantAuthService myUserDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(myUserDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/*/payment/*").permitAll().anyRequest().permitAll();
http.authorizeRequests().antMatchers("/wpf/*").permitAll().anyRequest().permitAll();
http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.csrf().disable();
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
但是当我向http://localhost:8080/web_payment/wpf/3jeglsv7e5umcmz7e4b9wa6tq61v3q7a发出GET请求时
我知道
<?xml version='1.0' encoding='UTF-8'?>
<Map>
<timestamp>1552646237152</timestamp>
<status>401</status>
<error>Unauthorized</error>
<message>Unauthorized</message>
<path>/web_payment/wpf/3jeglsv7e5umcmz7e4b9wa6tq61v3q7a</path>
</Map>
您知道我需要应用什么配置才能仅将访问权限应用于这些链接吗?