我正在以以下方式使用Spring安全性,oauth:
@Configuration
@EnableAuthorizationServer
@EnableResourceServer
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.jdbc(jdbcTemplate.getDataSource());
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
configurer.tokenStore(tokenStore())
.reuseRefreshTokens(true)
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
我现在想公开某些URL,因此不需要令牌即可访问这些资源。例如/public/**
我将如何做?我需要使用WebSecurityConfigurerAdapter吗?感谢您的帮助!
您应该有这样的东西
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login*").permitAll();
}
为了使路径public/**在未经身份验证的情况下打开,您可以如下配置WebSecurityConfigurerAdapter:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/public/**").permitAll()
.and()
.authorizeRequests().anyRequest().authenticated();
}
}