H2 console and Spring Security - permitAll() not working


Question

I'm creating a REST API and implemented Spring Security - everything works fine, but I want (for now, while I'm still developing) anyone to be able to open localhost:8080/console without authorization. My code:

@Override
protected void configure(HttpSecurity http) throws Exception {
    // allow everyone to register an account; /console is just for testing
    http.authorizeRequests().antMatchers("/register", "/console").permitAll();

    http.authorizeRequests().anyRequest().fullyAuthenticated();

    // making H2 console working
    http.headers().frameOptions().disable();

    /*
    https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#when-to-use-csrf-protection
    for non-browser APIs there is no need to use csrf protection
    */
    http.csrf().disable();
}

And what is really strange - localhost:8080/register doesn't need any authentication but /console returns:

{
"timestamp": 1485876313847,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/console"
}

Does anyone know how to fix this?

Recommended answer

I have a similar configuration like this. Can you try that?

http
    .authorizeRequests()
        .antMatchers("/register").permitAll()
        .and()
    .authorizeRequests()
        .antMatchers("/console/**").permitAll();
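
An added example, not part of the original question or answer: one way to apply the answer's `/console/**` matcher while keeping the open console confined to development. It assumes Spring Security 4.x/5.x (`WebSecurityConfigurerAdapter`, as in the question) and the H2 console mapped at `/console`; the class names and the `dev` profile name are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig {

    // Dev-only filter chain: it handles nothing except the H2 console paths.
    // Outside the assumed "dev" profile this bean does not exist, so
    // /console/** falls through to ApiSecurity and requires authentication.
    @Configuration
    @Profile("dev")
    @Order(1)
    public static class H2ConsoleSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // "/console/**" also matches the bare "/console" path.
            http.antMatcher("/console/**")
                .authorizeRequests().anyRequest().permitAll()
                .and()
                // The console's own forms post without a CSRF token.
                .csrf().disable()
                // The console renders in same-origin frames, so SAMEORIGIN is
                // enough; the header does not need to be dropped entirely.
                .headers().frameOptions().sameOrigin();
        }
    }

    // Main chain for the REST API: the rules from the question, unchanged,
    // with the default X-Frame-Options: DENY left in place.
    @Configuration
    @Order(2)
    public static class ApiSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/register").permitAll()
                    .anyRequest().fullyAuthenticated()
                    .and()
                // Non-browser API, as in the question.
                .csrf().disable();
        }
    }
}
```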
