I always get HTTP status 403. I have the following security configuration:
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            // Enable CORS (uses the CorsConfigurationSource bean below) and disable CSRF protection
            .cors().and().csrf().disable()
            .authorizeRequests()
            // Rules are evaluated in order; anything not matched here must be authenticated
            .antMatchers("/api/users/login/").permitAll()
            .anyRequest().authenticated();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("*"));
        configuration.setAllowedHeaders(Arrays.asList("*"));
        configuration.setAllowCredentials(true);
        // Apply this CORS configuration to every path
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
I cannot POST to /api/users/login
2019-10-15 12:25:49.567 DEBUG 7423 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for POST "/error", parameters={}
2019-10-15 12:25:49.576 DEBUG 7423 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2019-10-15 12:25:49.605 DEBUG 7423 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using [*/*] and supported [application/json, application/*+json, application/json, application/*+json]
2019-10-15 12:25:49.608 DEBUG 7423 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Tue Oct 15 12:25:49 CEST 2019, status=403, error=Forbidden, message=Access Denied, path=/ (truncated)...]
2019-10-15 12:25:49.661 DEBUG 7423 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 403
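Best answer
Try using .antMatchers(HttpMethod.POST, "/api/users/login").permitAll(). Also note that you have .antMatchers("/api/users/login/") while you are making the request to /api/users/login; note the extra / in antMatchers.
You can also use configure(WebSecurity web), which will bypass the Spring Security filter chain, as described here.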
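The trailing-slash mismatch from the answer above, shown as an added example that is not part of the original question or answer. It uses Spring's AntPathMatcher (spring-core on the classpath), the Ant-style matching that antMatchers relies on for a pattern like this one; the class name, the decide helper and the rule maps are hypothetical, and only the path is modelled, not the HTTP method.

```java
import org.springframework.util.AntPathMatcher;

import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical demo class: models ordered authorizeRequests() rules by path only.
public class TrailingSlashDemo {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // The first matching pattern wins. A path that matches no rule falls through
    // to the final anyRequest().authenticated() rule, as in the posted configuration.
    static String decide(Map<String, String> rules, String requestPath) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (MATCHER.match(rule.getKey(), requestPath)) {
                return rule.getValue();
            }
        }
        return "authenticated";
    }

    public static void main(String[] args) {
        // Pattern as posted in the question (note the trailing slash).
        Map<String, String> asPosted = new LinkedHashMap<>();
        asPosted.put("/api/users/login/", "permitAll");

        // Pattern as suggested in the answer (no trailing slash).
        Map<String, String> corrected = new LinkedHashMap<>();
        corrected.put("/api/users/login", "permitAll");

        // Constructed sample request paths, with and without the trailing slash.
        String[] paths = {"/api/users/login", "/api/users/login/"};
        for (String path : paths) {
            System.out.printf("%-20s posted=%-14s corrected=%s%n",
                    path, decide(asPosted, path), decide(corrected, path));
        }
    }
}
```

A pattern and a path that differ only by a trailing slash do not match in either direction, so each pattern permits exactly one of the two spellings and the other falls through to the authenticated rule.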