我正在创建rest api并实现Spring Security - 一切正常,但我希望(目前,当我仍在开发时)能够让任何未经授权的人打开localhost:8080/console。
我的代码:
@Override
protected void configure(HttpSecurity http) throws Exception {
// allow everyone to register an account; /console is just for testing
http.authorizeRequests().antMatchers("/register", "/console").permitAll();
http.authorizeRequests().anyRequest().fullyAuthenticated();
// making H2 console working
http.headers().frameOptions().disable();
/*
https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#when-to-use-csrf-protection
for non-browser APIs there is no need to use csrf protection
*/
http.csrf().disable();
}
真正奇怪的是 - localhost:8080/register 不需要任何身份验证,但 /console 返回:
{
"timestamp": 1485876313847,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/console"
}
有人知道如何修复它吗?
就我而言,有同样的问题:
csrf().ignoringAntMatchers("/h2-console/**")
final WebSecurityConfigurerAdapter
:
http.authorizeRequests().antMatchers("/").permitAll()
.and()
.authorizeRequests().antMatchers("/h2-console/**").permitAll()
.and()
.headers().frameOptions().disable()
.and()
.csrf().ignoringAntMatchers("/h2-console/**")
.and()
.cors().disable();
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)