I have the following resource server configuration:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .mvcMatchers("/actuator/health").permitAll()
            .mvcMatchers("/actuator/**", "/swagger-ui/**", "/v2/api-docs", "/togglz-console/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());
    }
And the following REST controller:
    @RestController
    @RequestMapping("companies")
    public class CompanyController {

        @PostMapping
        public CompanyDto create(@RequestBody CompanyDto companyDto, JwtAuthenticationToken jwtAuthenticationToken) {
            ...
            return new CompanyDto(company);
        }

        @GetMapping
        @PreAuthorize("isAnonymous() or isFullyAuthenticated()")
        public List<CompanyDto> findAllCompanies(CompanyDto companyDto) {
            ...
            return companyDtos;
        }
    }
This is my Feign client:
    @FeignClient(value = "companyApiClient", url = "http://localhost:${local.server.port}/api/companies")
    public interface CompanyApiClient {

        @GetMapping
        List<CompanyDto> findAllCompanies(CompanyDto companyDto);
    }
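I want findAllCompanies to be accessible to both anonymous and authenticated users, which is why I added the @PreAuthorize("isAnonymous() or isFullyAuthenticated()") annotation there. But when calling

    companyApiClient.findAllCompanies(new CompanyDto("company1 name", "company1 description"));

I still get the following error: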
    feign.FeignException$Unauthorized: [401] during [GET] to [http://localhost:53238/api/companies] [CompanyApiClient#findAllCompanies(CompanyDto)]: []
        at feign.FeignException.clientErrorStatus(FeignException.java:197)
        at feign.FeignException.errorStatus(FeignException.java:177)
        at feign.FeignException.errorStatus(FeignException.java:169)
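How do I correctly configure the findAllCompanies controller method so that access is granted to both anonymous and authenticated users? Is it possible to do this with annotations?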