spring-boot - 用于匿名或经过身份验证的用户的 Spring Security Rest 控制器方法

问题描述

我有以下资源服务器配置：

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .mvcMatchers("/actuator/health").permitAll()
            .mvcMatchers("/actuator/**", "/swagger-ui/**", "/v2/api-docs", "/togglz-console/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());
}

和以下休息控制器：

@RestController
@RequestMapping("companies")
public class CompanyController {

    @PostMapping
    public CompanyDto create(@RequestBody CompanyDto companyDto, JwtAuthenticationToken jwtAuthenticationToken) {
        ...
        return new CompanyDto(company);
    }

  
    @GetMapping
    @PreAuthorize("isAnonymous() or isFullyAuthenticated()")
    public List<CompanyDto> findAllCompanies(CompanyDto companyDto) {
        ...
        return companyDtos;
    }

}

这是我的 Feign 客户：

@FeignClient(value = "companyApiClient", url = "http://localhost:${local.server.port}/api/companies")
public interface CompanyApiClient {

    @GetMapping
    List<CompanyDto> findAllCompanies(CompanyDto companyDto);

}

我希望能够findAllCompanies使用匿名或经过身份验证的用户进行访问，这就是我在@PreAuthorize("isAnonymous() or isFullyAuthenticated()")那里添加注释的原因。但是在调用过程中

companyApiClient.findAllCompanies(new CompanyDto("Company1 name", "Company1 description"));

我仍然收到以下错误：

feign.FeignException$Unauthorized: [401] during [GET] to [http://localhost:53238/api/companies] [CompanyApiClient#findAllCompanies(CompanyDto)]: []

    at feign.FeignException.clientErrorStatus(FeignException.java:197)
    at feign.FeignException.errorStatus(FeignException.java:177)
    at feign.FeignException.errorStatus(FeignException.java:169)

如何正确配置 findAllCompanies 控制器方法以同时授予匿名或经过身份验证的用户的访问权限？是否可以通过注释来实现？

标签： spring-bootspring-securityspring-restcontrollerfeign