gpt4 book ai didi

java - 无法使用 oauth2 添加 spring security 的自定义配置

转载 作者:行者123 更新时间:2023-12-02 11:50:43 26 4
gpt4 key购买 nike

我有一个 Spring Boot 应用程序,可以与 oauth2 (作为资源服务器)一起正常工作。没有自定义的 configure(HttpSecurity http) 方法。仅

spring-boot-starter-security
spring-security-oauth2
spring-security-jwt

添加到pom中。

现在我想添加应该不 protected 端点。所以(在许多SO回复之后)我开始添加:

@Configuration
public class Security extends ResourceServerConfigurerAdapter {

@Override
public void configure(HttpSecurity http) throws Exception {
}
}

然后我得到:

Cannot apply org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer@6513fd22 to already built object

完整错误:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer@6513fd22 to already built object

那么我应该如何配置安全性来添加匿名访问端点?

最佳答案

错误来自 configure() 方法中的空主体。

您必须明确指定它。例如(来 self 们的工作应用程序):

@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/unprotected/sample/find/**").permitAll()
.antMatchers("/unprotected/another/register").permitAll()
.anyRequest().authenticated().and()
.csrf().disable();
}

/unprotected/sample/find/**/unprotected/sample/find/** 匹配的端点不 protected ,其他所有内容都受到保护。

当然,不 protected 端点不应定义任何@PreAuthorize()

关于java - 无法使用 oauth2 添加 spring security 的自定义配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47889956/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com