spring-boot - Spring Security - 只允许带有前缀的请求

问题描述

我需要保护我们的资源服务器中的所有其余端点，除了以/unsecured. 因此，每个人都应该允许以下请求：

/unsecured/foo/bar
/unsecured
...

但像这样的请求：

/foo/unsecured/bar
/foo/bar
...

应该需要认证。

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity security) throws Exception {
        security
            .authorizeRequests(authorizeRequests -> {
                authorizeRequests.antMatchers("unsecured/**").permitAll();
                authorizeRequests.anyRequest().authenticated();
            });
    }
}

但在上面的配置中，所有端点都需要身份验证。

这是我尝试访问不安全端点时收到的响应：

代码 401

{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}

标签： spring-bootspring-mvcspring-securityspring-security-oauth2

premitAll() 是您正在寻找的。看起来您只是缺少 URL 之前的 /

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity security) throws Exception {
        security
            .authorizeRequests(authorizeRequests - > {
                authorizeRequests.antMatchers("/unsecured/**").permitAll();
                authorizeRequests.anyRequest().authenticated();
            });
    }
}

spring-boot - Spring Security - 只允许带有前缀的请求

问题描述

解决方案

推荐阅读