Spring 安全性不适用于额外的 post url
Spring security not working for additional post url
这个问题我没有找到满意的答案。
我有一个安全配置,到目前为止一直运行良好。
我想再添加一个 POST url,所有人都可以访问。
虽然其他排除的 url 运行良好,但添加的额外添加的不起作用。
我的代码:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/ws/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/**").authenticated()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/ws/getEvents").permitAll()// ---> While this is working
.antMatchers(HttpMethod.POST, "/ws/persons/createNotificationsSubscriber*").permitAll()// -->this not working
.anyRequest().authenticated()
.and()
.logout()
.logoutSuccessUrl("http://localhost:3006/eventsMainView")
.and()
.csrf().disable()
.httpBasic();
}
这里的问题是
.antMatchers(HttpMethod.POST, "/ws/**").authenticated()
说验证所有从 /ws 开始的 URL 和 POST 请求但是
.antMatchers(HttpMethod.POST,"/ws/persons/createNotificationsSubscriber*").permitAll() // --> this not working
这从同一个 /ws 开始,这是一个 POST 请求,所以 Spring 不允许这个
要完成您的工作,请使用此-
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/ws/persons/createNotificationsSubscriber*").permitAll()// --> This will work
.antMatchers(HttpMethod.POST, "/ws/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/**").authenticated()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/ws/getEvents").permitAll()// ---> While this is working
.anyRequest().authenticated()
.and()
.logout()
.logoutSuccessUrl("http://localhost:3006/eventsMainView")
.and()
.csrf().disable()
.httpBasic();
}
这个问题我没有找到满意的答案。
我有一个安全配置,到目前为止一直运行良好。
我想再添加一个 POST url,所有人都可以访问。
虽然其他排除的 url 运行良好,但添加的额外添加的不起作用。
我的代码:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/ws/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/**").authenticated()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/ws/getEvents").permitAll()// ---> While this is working
.antMatchers(HttpMethod.POST, "/ws/persons/createNotificationsSubscriber*").permitAll()// -->this not working
.anyRequest().authenticated()
.and()
.logout()
.logoutSuccessUrl("http://localhost:3006/eventsMainView")
.and()
.csrf().disable()
.httpBasic();
}
这里的问题是
.antMatchers(HttpMethod.POST, "/ws/**").authenticated()
说验证所有从 /ws 开始的 URL 和 POST 请求但是
.antMatchers(HttpMethod.POST,"/ws/persons/createNotificationsSubscriber*").permitAll() // --> this not working
这从同一个 /ws 开始,这是一个 POST 请求,所以 Spring 不允许这个
要完成您的工作,请使用此-
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/ws/persons/createNotificationsSubscriber*").permitAll()// --> This will work
.antMatchers(HttpMethod.POST, "/ws/**").authenticated()
.antMatchers(HttpMethod.DELETE, "/**").authenticated()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/ws/getEvents").permitAll()// ---> While this is working
.anyRequest().authenticated()
.and()
.logout()
.logoutSuccessUrl("http://localhost:3006/eventsMainView")
.and()
.csrf().disable()
.httpBasic();
}