2017-06-15 45 views
0

Hi, I have two URLs: Spring Boot role-based access and anonymous access when there is a context path.

But these rules are not working.

/r is spring.jersey.application-path 

1. http://localhost:6080/r/helloauthrozied/1234
    Expected: I want to permit only users with ABCD roles
    Actual: Users without these roles can also access
2. http://localhost:6080/r/hellonoauthrozied/1234
    Expected: Permit anonymous access. No authentication is required
    Actual: Expecting authentication

Can someone help me?

I did the Spring Boot configuration like this:

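import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.dao.ReflectionSaltSource;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // ApiUserDetailsService is the application's own UserDetailsService implementation.
    @Autowired
    private ApiUserDetailsService userDetails;

    @Bean
    public ShaPasswordEncoder passwordEncoder() {
        return new ShaPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Salt each password hash with the user's "username" property.
        ReflectionSaltSource salt = new ReflectionSaltSource();
        salt.setUserPropertyToUse("username");
        DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
        dao.setUserDetailsService(userDetails);
        dao.setPasswordEncoder(passwordEncoder());
        dao.setSaltSource(salt);
        auth.authenticationProvider(dao);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // Rules are evaluated in declaration order; the first matching pattern decides.
        http
            .authorizeRequests()
                .antMatchers("/hellonoauthrozied/**").permitAll()
                .antMatchers("/helloauthrozied/**").hasAnyRole("ABCD")
                .anyRequest().authenticated()
            .and()
            .csrf().disable()
            .httpBasic();
    }
}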
+0

Is the 'r/' in 'http://localhost:6080/r/' the root context, or an additional URL part in your controller? – kagmole

+0

@kagmole This is the root context of the application – Patan

Answer

0

Try adding a requestMatchers() clause like this:

http
    .requestMatchers()
        .antMatchers("/hellonoauthrozied/**", "/helloauthrozied/**")
    .and()
    .authorizeRequests()
        .antMatchers("/hellonoauthrozied/**")
            .permitAll() // or .anonymous() if you only want non-connected users
        .antMatchers("/helloauthrozied/**")
            .hasAnyRole("ABCD")
        .anyRequest()
            .authenticated()
    .and()
    .csrf().disable()
    .httpBasic();
+0

Thanks. Can you post the whole code? How to allow anonymous. – Patan

+0

This does not work. All requests are treated as anonymous – Patan
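
A way to check which rule actually decides each of the two URLs, as an added example that is not code from the question or the answer: it replays the question's rule order (first match wins) with Spring's `AntPathMatcher` as a stand-in for the request matchers. It assumes the matchers are given the path with the Jersey application path `/r` still in front, in which case the unprefixed patterns never match and both requests fall through to the `anyRequest()` rule; the class name `RuleOrderDemo` and the `/**` stand-in for `anyRequest()` are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

// Added illustration, not code from the thread. Models first-match-wins
// evaluation of the question's antMatchers rules with Spring's AntPathMatcher.
public class RuleOrderDemo {
    private static final AntPathMatcher ANT = new AntPathMatcher();

    // Rules in the order the question declares them, optionally prefixed.
    // "/**" stands in for anyRequest().
    static Map<String, String> rules(String prefix) {
        Map<String, String> r = new LinkedHashMap<>();
        r.put(prefix + "/hellonoauthrozied/**", "permitAll");
        r.put(prefix + "/helloauthrozied/**", "hasAnyRole(ABCD)");
        r.put("/**", "authenticated");
        return r;
    }

    // Returns the access rule of the first pattern that matches the path.
    static String decide(Map<String, String> rules, String path) {
        for (Map.Entry<String, String> e : rules.entrySet()) {
            if (ANT.match(e.getKey(), path)) {
                return e.getValue();
            }
        }
        return "no rule";
    }

    public static void main(String[] args) {
        // Assumption: the matcher sees the path including the Jersey
        // application path (/r), as in the URLs from the question.
        String[] paths = {"/r/helloauthrozied/1234", "/r/hellonoauthrozied/1234"};
        for (String prefix : new String[] {"", "/r"}) {
            System.out.println("patterns prefixed with \"" + prefix + "\":");
            for (String p : paths) {
                System.out.println("  " + p + " -> " + decide(rules(prefix), p));
            }
        }
    }
}
```

Run it with spring-core on the classpath and compare the unprefixed and `/r`-prefixed results with the Expected/Actual lines in the question.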