java - Spring Boot HttpSecurity总是403禁止

我总是获得http状态403。我具有以下安全配置：

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .cors().and().csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/users/login/").permitAll()
        .anyRequest().authenticated();
}


@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("*"));
    configuration.setAllowedHeaders(Arrays.asList("*"));
    configuration.setAllowCredentials(true);
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

我无法发布到/ api / users / login

  2019-10-15 12：25：49.567 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.web.servlet.DispatcherServlet [0; 39m [2m：[0; 39m
  POST的“ / ERROR”的“ ERROR”调度，参数= {} [2m2019-10-15
  12：25：49.576 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m [2m --- [0; 39m
  [2m [nio-8080-exec-1] [0; 39m
  [36ms.w.s.m.m.a.RequestMappingHandlerMapping [0; 39m [2m：[0; 39m
  映射到公众
  org.springframework.http.ResponseEntity>
  org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error（javax.servlet.http.HttpServletRequest）
  [2m2019-10-15 12：25：49.605 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0; 39m [2m：[0; 39m
  使用[/]和受支持的[application / json，
  application / + json，application / json，application / + json]
  [2m2019-10-15 12：25：49.608 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0; 39m [2m：[0; 39m
  写作[{timestamp = Tue Oct 15 12:25:49 CEST 2019，status = 403，
  错误=禁止，消息=访问被拒绝，路径= /（被截断）...]
  [2m2019-10-15 12：25：49.661 [0; 39m [32mDEBUG [0; 39m [35m7423 [0; 39m
  [2m --- [0; 39m [2m [nio-8080-exec-1] [0; 39m
  [36mo.s.web.servlet.DispatcherServlet [0; 39m [2m：[0; 39m
  从“错误”分发中退出，状态为403

最佳答案

尝试使用.antMatchers(HttpMethod.POST,"/api/users/login").permitAll()，还请注意您拥有.antMatchers("/api/users/login/")，并且您是在antMatchers中要求/api/users/login注意extra /的请求。

您还可以使用configure(WebSecurity web)来绕过Spring Security过滤器链，如here所述