spring - 配置 Spring Security 以允许请求链接
问题描述
我有这些链接,我想用它们来获取未经身份验证的数据:
GET http://localhost:8080/web_payment/wpf/3jeglsv7e5umcmz7e4b9wa6tq61v3q7a
POST http://localhost:8080/web_payment/en/payment/1234566666
我尝试使用这个 Spring Security 配置:
@Configuration
@EnableWebSecurity
@Import(value = { Application.class, ContextDatasource.class })
@ComponentScan(basePackages = { "org.datalis.web.payment.server.*" })
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthEntryPoint authenticationEntryPoint;
@Autowired
MerchantAuthService myUserDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(myUserDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/*/payment/*").permitAll().anyRequest().permitAll();
http.authorizeRequests().antMatchers("/wpf/*").permitAll().anyRequest().permitAll();
http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.csrf().disable();
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
但是当我向 http://localhost:8080/web_payment/wpf/3jeglsv7e5umcmz7e4b9wa6tq61v3q7a
我明白了
<?xml version='1.0' encoding='UTF-8'?>
<Map>
<timestamp>1552646237152</timestamp>
<status>401</status>
<error>Unauthorized</error>
<message>Unauthorized</message>
<path>/web_payment/wpf/3jeglsv7e5umcmz7e4b9wa6tq61v3q7a</path>
</Map>
您知道我需要应用什么配置才能仅对这些链接应用访问权限吗?
解决方案
推荐阅读
- ios - 在iOS中,当应用程序处于后台状态时如何重新打开应用程序?
- perl - 查询 Perl 输出
- oracle - 如何提高oracle中的单次插入性能
- python-3.x - 在随机森林中使用 predict() 与 predict_proba() 计算时,ROC_AUC_SCORE 不同
- python - 比较两个列表以获取不匹配的元素
- python - 如何在多维数据上显示 K 均值聚类的输出?
- grep - 如何使用 grep 从日志文件中提取 IP 地址和日期/时间字符串?
- time - 23:59:60 什么时候是编程的有效时间?
- python - IxNetwork python 库:在加载的 ixncfg 文件中看不到流量项
- c# - 如何删除 csv 文件中管道字符串之间的逗号,例如 |Ana "ana" Ana|, |adda,adda|