如何使用 Spring Security Oauth 忽略某些端点
How to ignore certain endpoints using Spring Security Oauth
我正在通过以下方式使用 Spring 安全性、oauth:
@Configuration
@EnableAuthorizationServer
@EnableResourceServer
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.jdbc(jdbcTemplate.getDataSource());
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
configurer.tokenStore(tokenStore())
.reuseRefreshTokens(true)
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
我现在想确定 URL 的 public,这样访问这些资源不需要令牌。例如/public/**
我该怎么做?我需要使用 WebSecurityConfigurerAdapter 吗?感谢您的帮助!
更新
我添加了 WebSecurityConfigurerAdapter,如下所述。所以现在 /public/** URL 无需任何令牌即可访问。但是,所有其他端点不再可访问,并响应 403 Forbidden
你应该有这样的东西
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login*").permitAll();
}
要使路径 public/** 无需身份验证即可打开,您可以像下面这样配置 WebSecurityConfigurerAdapter:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/public/**").permitAll()
.and()
.authorizeRequests().anyRequest().authenticated();
}
}
我是这样解决的:
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(HttpMethod.GET, "/public/**").permitAll();
http.authorizeRequests().anyRequest().authenticated();
}
}
我正在通过以下方式使用 Spring 安全性、oauth:
@Configuration
@EnableAuthorizationServer
@EnableResourceServer
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.jdbc(jdbcTemplate.getDataSource());
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
configurer.tokenStore(tokenStore())
.reuseRefreshTokens(true)
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
我现在想确定 URL 的 public,这样访问这些资源不需要令牌。例如/public/**
我该怎么做?我需要使用 WebSecurityConfigurerAdapter 吗?感谢您的帮助!
更新
我添加了 WebSecurityConfigurerAdapter,如下所述。所以现在 /public/** URL 无需任何令牌即可访问。但是,所有其他端点不再可访问,并响应 403 Forbidden
你应该有这样的东西
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login*").permitAll();
}
要使路径 public/** 无需身份验证即可打开,您可以像下面这样配置 WebSecurityConfigurerAdapter:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/public/**").permitAll()
.and()
.authorizeRequests().anyRequest().authenticated();
}
}
我是这样解决的:
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(HttpMethod.GET, "/public/**").permitAll();
http.authorizeRequests().anyRequest().authenticated();
}
}