我想启用“ROLE_ANONYMOUS”来允许匿名访问我的应用中的某些网址.我使用了以下配置.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requestCache()
.requestCache(new NullRequestCache()).and()
.anonymous().authorities("ROLE_ANONYMOUS").and()
.exceptionHandling().and()
.servletApi().and()
.headers().cacheControl().and()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/profile/image").permitAll()
.antMatchers("/favicon.ico").permitAll()
.antMatchers("/resources/**").permitAll()
//.antMatchers(HttpMethod.GET,"/login/**").permitAll()
//.antMatchers(HttpMethod.GET,"/location/**").permitAll()
.anyRequest().authenticated()/*.and()
.apply(new SpringSocialConfigurer())*/;
// custom Token based authentication based on the header previously given to the client
//.addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService),UsernamePasswordAuthenticationFilter.class);
}
我的控制器看起来像:
@RestController
@RequestMapping(value="/login",produces="application/json")
public class LoginController {
@Secured( value={"ROLE_ANONYMOUS"})
@RequestMapping(method=RequestMethod.GET)
public String get(){
return "hello";
}
}
但是当我尝试点击“/ login”时,我得到了403拒绝访问错误.
请帮助我如何启用基于匿名访问的注释.
正如Faraj Farook所写,您必须允许访问您的登录页面URL.您评论了相关的线路:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.anonymous()
.authorities("ROLE_ANONYMOUS")
.and()
.headers()
.cacheControl()
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/profile/image").permitAll()
.antMatchers("/favicon.ico").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers(HttpMethod.GET,"/login/**").permitAll()
.anyRequest().authenticated()
}
但是如果你不想使用permitAll(),你可以使用hasAuthority(“ROLE_ANONYMOUS”).在这种情况下,您无需使用注释方法
@Secured(value = {“ROLE_ANONYMOUS”}).
