即使添加 http.authorizeRequests().anyRequest().permitAll(); 所有请求都是未经授权的。
这是我的WebSecurityConfig:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
securedEnabled = true,
jsr250Enabled = true,
prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsServiceImpl userDetailsService;
@Autowired
private AuthEntryPointJwt unauthorizedHandler;
@Bean
public AuthTokenFilter authenticationJwtTokenFilter() {
return new AuthTokenFilter();
}
@Override
public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
我有什么遗漏吗?
编辑:我还在 application.properties 中添加了此配置
security.basic.enable: false
security.ignored=/**
最佳答案
配置类看起来不错。确保在运行项目之前“构建”您的项目。我复制了您的配置文件,它对我有用。
关于java - Spring boot 所有请求未授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62374169/