我总是获得http状态403。我具有以下安全配置:

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .cors().and().csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/users/login/").permitAll()
        .anyRequest().authenticated();
}


@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("*"));
    configuration.setAllowedHeaders(Arrays.asList("*"));
    configuration.setAllowCredentials(true);
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}


我无法发布到/ api / users / login


  2019-10-15 12:25:49.567 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.web.servlet.DispatcherServlet [0; 39m [2m:[0; 39m
  POST的“ / ERROR”的“ ERROR”调度,参数= {} [2m2019-10-15
  12:25:49.576 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m [2m --- [0; 39m
  [2m [nio-8080-exec-1] [0; 39m
  [36ms.w.s.m.m.a.RequestMappingHandlerMapping [0; 39m [2m:[0; 39m
  映射到公众
  org.springframework.http.ResponseEntity>
  org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
  [2m2019-10-15 12:25:49.605 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0; 39m [2m:[0; 39m
  使用[/]和受支持的[application / json,
  application / + json,application / json,application / + json]
  [2m2019-10-15 12:25:49.608 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0; 39m [2m:[0; 39m
  写作[{timestamp = Tue Oct 15 12:25:49 CEST 2019,status = 403,
  错误=禁止,消息=访问被拒绝,路径= /(被截断)...]
  [2m2019-10-15 12:25:49.661 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.web.servlet.DispatcherServlet [0; 39m [2m:[0; 39m
  从“错误”分发中退出,状态为403

最佳答案

尝试使用.antMatchers(HttpMethod.POST,"/api/users/login").permitAll(),还请注意您拥有.antMatchers("/api/users/login/"),并且您是在antMatchers中要求/api/users/login注意extra /的请求。

您还可以使用configure(WebSecurity web)来绕过Spring Security过滤器链,如here所述

07-24 09:32