gpt4 book ai didi

java - Spring Security - permitAll() 不允许未经身份验证的访问

转载 作者:行者123 更新时间:2023-11-30 12:06:42 24 4
gpt4 key购买 nike

我只想允许未经身份验证的人访问几个路径:/everyone1/something1、/everyone2/something2 和/everyone3/**。对于其余路径,我希望只允许经过身份验证的请求。

现在,我有“class WebSecurityConfig extends WebSecurityConfigurerAdapter”:

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(
jwtUtils, this.accessCookie, this.selectedRoleScopeCookie);

httpSecurity.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

httpSecurity.cors().and().csrf().disable();

httpSecurity.authorizeRequests()
.antMatchers("/everyone1/something1", "/everyone2/something2", "/everyone3/**")
.permitAll()
.anyRequest().authenticated()
.and().httpBasic().disable();
}

在“jwtAuthenticationFilter”中,我将身份验证设置为:

  private void setAuthentication2(String username, String someData, boolean authenticated) {
User user = new User(username, "", new ArrayList<>());
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
if (!authenticated) {
authentication.setAuthenticated(false);
}

AuthenticationDetails authenticationDetails = new AuthenticationDetails(someData);
authentication.setDetails(authenticationDetails);

SecurityContextHolder.getContext().setAuthentication(authentication);
}

不幸的是,上面的配置阻止了每个请求,包括经过身份验证和未经过身份验证的请求。

如有任何帮助,我们将不胜感激。

谢谢!

最佳答案

此方法为经过身份验证的请求授权一些路径。你需要的是:

@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/everyone1/something1", "/everyone2/something2", "/everyone3/**");
}

然后匿名请求可以访问这个路径。

关于java - Spring Security - permitAll() 不允许未经身份验证的访问,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55402220/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com