0
嗨我有两个网址,春季引导漫游访问和匿名访问时有上下文路径
但这些规则不起作用。
/r is spring.jersey.application-path
1.http://localhost:6080/r/helloauthrozied/1234
Expected:I want to permit only users with ABCD roles
Actual: Users with out these roles can also access
2.http://localhost:6080/r/hellonoauthrozied/1234
Expected:Permit anonymous access. No Authentication is required
Actual:Expecting Authnetication
有人可以帮助我。
我做了春天,引导配置这样
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private ApiUserDetailsService userDetails;
@Bean
public ShaPasswordEncoder passwordEncoder() {
return new ShaPasswordEncoder();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
ReflectionSaltSource salt = new ReflectionSaltSource();
salt.setUserPropertyToUse("username");
DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
dao.setUserDetailsService(userDetails);
dao.setPasswordEncoder(passwordEncoder());
dao.setSaltSource(salt);
auth.authenticationProvider(dao);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http
.authorizeRequests()
.antMatchers("/hellonoauthrozied/**").permitAll()
.antMatchers("/helloauthrozied/**").hasAnyRole("ABCD")
.anyRequest().authenticated().and().csrf().disable().httpBasic();
}
}
是'R /''中的http://本地主机:6080/R/'你的控制器中的根环境或附加的URL部分? – kagmole
@kagmole这是应用程序的根上下文 – Patan