基于Java的配置以启用Spring Security匿名访问 [英] Java based configuration to enable spring security anonymous access
问题描述
我想启用"ROLE_ANONYMOUS" ,以允许匿名访问我的应用程序中的某些网址.我使用了以下配置.
I want to enable the use of "ROLE_ANONYMOUS" to allow anonymous access to some urls in my app. And I used the below configuration.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requestCache()
.requestCache(new NullRequestCache()).and()
.anonymous().authorities("ROLE_ANONYMOUS").and()
.exceptionHandling().and()
.servletApi().and()
.headers().cacheControl().and()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/profile/image").permitAll()
.antMatchers("/favicon.ico").permitAll()
.antMatchers("/resources/**").permitAll()
//.antMatchers(HttpMethod.GET, "/login/**").permitAll()
//.antMatchers(HttpMethod.GET, "/location/**").permitAll()
.anyRequest().authenticated()/*.and()
.apply(new SpringSocialConfigurer())*/;
// custom Token based authentication based on the header previously given to the client
//.addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);
}
我的控制器如下:
@RestController
@RequestMapping(value="/login", produces="application/json")
public class LoginController {
@Secured( value={"ROLE_ANONYMOUS"})
@RequestMapping(method=RequestMethod.GET)
public String get(){
return "hello";
}
}
但是,当我尝试点击"/login"时,出现403访问被拒绝的错误. 请帮助我如何启用基于注释的匿名访问.
But when I try to hit "/login" I get 403 access denied error. Please help me how I can enable annotation based anonymous access.
推荐答案
如Faraj Farook所写,您必须允许访问您的登录页面URL.您评论了相关行:
As Faraj Farook wrote, you have to permit access to your login page URL. You commented the relevant line out:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.anonymous()
.authorities("ROLE_ANONYMOUS")
.and()
.headers()
.cacheControl()
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/profile/image").permitAll()
.antMatchers("/favicon.ico").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers(HttpMethod.GET, "/login/**").permitAll()
.anyRequest().authenticated()
}
但是,如果您不想使用permitAll()
,则可以使用hasAuthority("ROLE_ANONYMOUS")
.在这种情况下,您不需要使用
@Secured( value={"ROLE_ANONYMOUS"})
.
But if you prefer not to use permitAll()
you could use hasAuthority("ROLE_ANONYMOUS")
. In this case you don't need to annotate your method with
@Secured( value={"ROLE_ANONYMOUS"})
.
这篇关于基于Java的配置以启用Spring Security匿名访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!