jwt的spring安全配置,允许所有请求在ui上 swagger

j5fpnvbx  于 2021-06-29  发布在  Java
关注(0)|答案(1)|浏览(489)

我有下面的jwt配置,但是我想允许所有请求进入我的swagger用户界面我尝试过用permitall()添加antmatcher,但是没有成功。
有人能帮我吗?

@EnableWebSecurity
public class JwtAuthConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(getJwtAuthenticationConverter());
    }

    private Converter<Jwt, AbstractAuthenticationToken> getJwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Map<String, Object> claims = jwt.getClaims();
            String userType = (String) claims.get("custom:userType");
            Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
            if(!StringUtils.isEmpty(userType))
                grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + userType));
            return grantedAuthorities;
        });
        return converter;
    }
}

我也定义了这个rest前缀:

server:
  port: 5000
  servlet:
    context-path: /api/v1
23c0lvtd

23c0lvtd1#

我猜你需要这样的东西:

http.authorizeRequests()
  .antMatchers("/swagger/**").permitAll()
  ...

看起来您仍然需要确保其他请求使用oauth过滤器进行了身份验证。看看这里的.authenticated()示例:oauth filter spring

相关问题