我的目标是向我的 Java 项目添加安全类,除了“api/public/*”之类的路径。
当我在 POSTMAN 中请求时
http://localhost:8080/api/public/signup
使用 json 主体,我得到 401。这是我的安全类,它允许 api/public/* 的所有匹配器:
我错过了什么?
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.cors()
.and()
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
// don't create session
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/public/**").permitAll()
.anyRequest().authenticated();
// Custom JWT based security filter
JwtAuthorizationTokenFilter authenticationTokenFilter = new JwtAuthorizationTokenFilter(userDetailsService(), jwtTokenUtil);
httpSecurity
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// disable page caching
httpSecurity
.headers()
.frameOptions().sameOrigin() // required to set for H2 else H2 Console will be blank.
.cacheControl();
}
@Override
public void configure(WebSecurity web) throws Exception {
// AuthenticationTokenFilter will ignore the below paths
web
.ignoring()
.antMatchers("/api/public/*");
}
最佳答案
Mvn clean 解决了我的问题。似乎构建不知何故停留在以前的状态。
mvn clean
关于Java Spring Boot 安全类配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57840417/