我想启用“ROLE_ANONYMOUS”来允许匿名访问我的应用中的某些网址.我使用了以下配置.
@Override protected void configure(HttpSecurity http) throws Exception { http .requestCache() .requestCache(new NullRequestCache()).and() .anonymous().authorities("ROLE_ANONYMOUS").and() .exceptionHandling().and() .servletApi().and() .headers().cacheControl().and() .authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/profile/image").permitAll() .antMatchers("/favicon.ico").permitAll() .antMatchers("/resources/**").permitAll() //.antMatchers(HttpMethod.GET,"/login/**").permitAll() //.antMatchers(HttpMethod.GET,"/location/**").permitAll() .anyRequest().authenticated()/*.and() .apply(new SpringSocialConfigurer())*/; // custom Token based authentication based on the header prevIoUsly given to the client //.addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService),UsernamePasswordAuthenticationFilter.class); }@H_404_8@我的控制器看起来像:
@RestController @RequestMapping(value="/login",produces="application/json") public class LoginController { @Secured( value={"ROLE_ANONYMOUS"}) @RequestMapping(method=RequestMethod.GET) public String get(){ return "hello"; } }@H_404_8@
最佳答案
正如Faraj Farook所写,您必须允许访问您的登录页面URL.您评论了相关的线路:
@Override protected void configure(HttpSecurity http) throws Exception { http .anonymous() .authorities("ROLE_ANONYMOUS") .and() .headers() .cacheControl() .and() .authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/profile/image").permitAll() .antMatchers("/favicon.ico").permitAll() .antMatchers("/resources/**").permitAll() .antMatchers(HttpMethod.GET,"/login/**").permitAll() .anyRequest().authenticated() }@H_404_8@但是如果你不想使用permitAll(),你可以使用hasAuthority(“ROLE_ANONYMOUS”).在这种情况下,您无需使用注释方法
@Secured(value = {“ROLE_ANONYMOUS”}).