Anonymous access of method from Jersey webservice which is secured with Spring Security and OAuth2
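I have a Jersey REST web service that handles CRUD for personal accounts.
I have Spring Security + OAuth2 protecting this API. What I cannot configure is that I want the create-account method to be anonymous. I tried configuring intercept-url, but it does not work at the method level. So do I need to write a separate class for this purpose, or can I achieve it without one?
Sample class code
public class AccountResource {
    // I want this method to be accessible by anonymous users so they can
    // create an account without generating tokens.
    public void createAccount() {}
    public void updateAccount() {}
    public void findAccount() {}
    public void deleteAccount() {}
}
Configuration code that secures all calls starting with "/services/rest/**"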
<http pattern="/services/rest/**" create-session="never"
      entry-point-ref="oauthAuthenticationEntryPoint"
      xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/services/rest/**" method="GET" access="ROLE_USER" />
    <intercept-url pattern="/services/rest/**" method="POST" access="ROLE_USER" />
    <intercept-url pattern="/services/rest/**" method="PUT" access="ROLE_USER" />
    <intercept-url pattern="/services/rest/**" method="DELETE" access="ROLE_USER" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
How about changing the configuration for POST requests in the security config to:
<intercept-url pattern="/services/rest/**" access="permitAll" method="POST" />
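Added example, not part of the original question or answer: a variant of the question's `<http>` block that limits the anonymous rule to the account-creation endpoint instead of every POST under `/services/rest/**`. The path `/services/rest/account` is an assumed mapping for `createAccount()`; the bean names are the ones from the question.

```xml
<!-- Added example. "/services/rest/account" is an assumed path for createAccount();
     the bean names are the ones from the question's configuration. -->
<http pattern="/services/rest/**" create-session="never"
      use-expressions="true"
      entry-point-ref="oauthAuthenticationEntryPoint"
      xmlns="http://www.springframework.org/schema/security">
    <!-- permitAll is still evaluated against an Authentication object, so the
         anonymous filter has to be on for token-less requests to reach the rule. -->
    <anonymous enabled="true" />

    <!-- Rules are checked top to bottom and the first match wins, so the narrow
         anonymous rule must come before the catch-all. -->
    <intercept-url pattern="/services/rest/account" method="POST" access="permitAll" />

    <!-- Everything else, including every other POST, still requires ROLE_USER.
         With use-expressions="true" the role check is written as an expression. -->
    <intercept-url pattern="/services/rest/**" access="hasRole('ROLE_USER')" />

    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
```

To check the result, send a POST to the creation path without a token, which should reach the resource, and any other request without a token, which should still be rejected by the entry point.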