java如何在spring security中为每个人忽略一些资源/URL?
我有一些URL(现在有一个),我想允许每个用户注册和登录URL。我只想在注册后排除任何url路径,并保护或限制任何其他url
请参考以下代码:
package com.travelplanner.rest.config;
//COPY
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.User.UserBuilder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource securityDataSource;
@Bean
public UserDetailsManager userDetailsManager() {
JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
jdbcUserDetailsManager.setDataSource(securityDataSource);
return jdbcUserDetailsManager;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(securityDataSource);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().httpBasic().and().csrf().disable()
.authorizeRequests().antMatchers("/register/**").permitAll();
}
}
这是谷歌应用程序引擎中的spring mvc rest。我使用了上面的代码片段,它说即使是蚂蚁配对者也未经授权。请帮忙!提前谢谢
# 1 楼答案
可能是
httpBasic()部分需要身份验证。你应该首先给出具体的说明,最后给出更一般的说明,所以试着这样做:这允许每个人访问“api/users/register/user”,但需要对其他URL进行http身份验证