如何使用Spring Security Oauth忽略某些端点

问题描述 投票:0回答:2

我正在以以下方式使用Spring安全性,oauth:

@Configuration
@EnableAuthorizationServer
@EnableResourceServer
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients
            .jdbc(jdbcTemplate.getDataSource());

  }

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {

    configurer.tokenStore(tokenStore())
            .reuseRefreshTokens(true)
            .authenticationManager(authenticationManager)
            .userDetailsService(userDetailsService);

  }

}

我现在想公开某些URL,因此不需要令牌即可访问这些资源。例如/public/**

我将如何做?我需要使用WebSecurityConfigurerAdapter吗?感谢您的帮助!

java spring-boot spring-security-oauth2
2个回答
0
投票

您应该有这样的东西

@Override
protected void configure(HttpSecurity http) throws Exception {

http.authorizeRequests().antMatchers("/login*").permitAll();

}

0
投票

为了使路径public/**在未经身份验证的情况下打开,您可以如下配置WebSecurityConfigurerAdapter

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests().antMatchers("/public/**").permitAll()
      .and()
      .authorizeRequests().anyRequest().authenticated();
  }
}
© www.soinside.com 2019 - 2024. All rights reserved.