我尝试了很多方法,但是当我打/ healthCheck URL时,提示输入用户名和密码。 我在EmailsecurityAdapter.java类中有以下代码
import com.cellpointmobile.email.services.AuthenticationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebSecurity
public class EmailSecurityAdapter extends WebSecurityConfigurerAdapter {
@Autowired
AuthenticationService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/healthCheck**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "**/heathCheck/*").permitAll()
.anyRequest()
.access("isFullyAuthenticated() and hasAnyRole('ROLE_ADMIN','ROLE_USER')")
.and()
.httpBasic();
}
@Bean
public PasswordEncoder passwordEncoder() {
//https://www.browserling.com/tools/bcrypt
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
}
我应该在configure()方法中进行哪些更改以公开访问healthCheck网址?
邮递员响应GET http://127.0.0.1:8080/heathCheck
<Map>
<timestamp>2019-09-13</timestamp>
<status>401</status>
<error>Unauthorized</error>
<message>Unauthorized</message>
<path>/heathCheck</path>
</Map>
答案 0 :(得分:1)
使用
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "**/heathCheck/**").permitAll()
.anyRequest()
.access("isFullyAuthenticated() and hasAnyRole('ROLE_ADMIN','ROLE_USER')")
.and()
.httpBasic();
}
或在 configure(WebSecurity web)中使用web.ignoring(),这将为为其指定的终结点安装所有安全过滤器。之后,您可以将其从configure(HttpSecurity http)中删除,并将configure(WebSecurity web)保持在configure(HttpSecurity http)上方。
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(HttpMethod.yourMethod, "**/heathCheck/**");
}
更新:
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(HttpMethod.yourMethod, "**/heathCheck/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "**/heathCheck/*").permitAll()
.anyRequest()
.access("isFullyAuthenticated() and hasAnyRole('ROLE_ADMIN','ROLE_USER')");
}