Spring Security REST controller method for anonymous or authenticated users

brc7rcf0 posted on 2021-09-29 in Java

I have the following resource server configuration:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .mvcMatchers("/actuator/health").permitAll()
            .mvcMatchers("/actuator/**", "/swagger-ui/**", "/v2/api-docs", "/togglz-console/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());
}

And the following REST controller:

@RestController
@RequestMapping("companies")
public class CompanyController {

    @PostMapping
    public CompanyDto create(@RequestBody CompanyDto companyDto, JwtAuthenticationToken jwtAuthenticationToken) {
        ...
        return new CompanyDto(company);
    }

    @GetMapping
    @PreAuthorize("isAnonymous() or isFullyAuthenticated()")
    public List<CompanyDto> findAllCompanies(CompanyDto companyDto) {
        ...
        return companyDtos;
    }

}

This is my Feign client:

@FeignClient(value = "companyApiClient", url = "http://localhost:${local.server.port}/api/companies")
public interface CompanyApiClient {

    @GetMapping
    List<CompanyDto> findAllCompanies(CompanyDto companyDto);

}

I want findAllCompanies to be accessible to anonymous or authenticated users, which is why I added the @PreAuthorize("isAnonymous() or isFullyAuthenticated()") annotation there. But when calling
companyApiClient.findAllCompanies(new CompanyDto("company1 name", "company1 description"));
I still get the following error:

feign.FeignException$Unauthorized: [401] during [GET] to [http://localhost:53238/api/companies] [CompanyApiClient#findAllCompanies(CompanyDto)]: []

    at feign.FeignException.clientErrorStatus(FeignException.java:197)
    at feign.FeignException.errorStatus(FeignException.java:177)
    at feign.FeignException.errorStatus(FeignException.java:169)

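How do I correctly configure the findAllCompanies controller method so that access is granted to both anonymous and authenticated users? Is it possible to do this with annotations?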
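
The 401 in the question comes from the URL rules rather than the annotation: `anyRequest().authenticated()` rejects a token-less request in the filter chain before `@PreAuthorize` is ever evaluated. The following is an added example, not part of the original post, showing the same configuration with GET /companies permitted at the URL level. The class name `ResourceServerConfig`, the stand-in body of `jwtAuthenticationConverter()`, and the assumption that `/api` is the servlet context path are not from the post.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Added example. Class name is hypothetical; Spring Security 5.x style to match the question.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // required for @PreAuthorize to be evaluated
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .mvcMatchers("/actuator/health").permitAll()
                .mvcMatchers("/actuator/**", "/swagger-ui/**", "/v2/api-docs", "/togglz-console/**").hasRole("ADMIN")
                // URL rules run in the filter chain, before the controller method and its
                // @PreAuthorize. Only GET is opened here; POST /companies still falls
                // through to anyRequest().authenticated(). The pattern is relative to the
                // context path (assumed to be /api, as in the Feign URL).
                .mvcMatchers(HttpMethod.GET, "/companies").permitAll()
                .anyRequest().authenticated()
                .and()
                .oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());
    }

    // Stand-in for the question's converter, which the post does not show.
    private JwtAuthenticationConverter jwtAuthenticationConverter() {
        return new JwtAuthenticationConverter();
    }
}
```

With this rule in place a token-less GET reaches the controller as an anonymous authentication, so `isAnonymous()` holds, while a request carrying a valid JWT satisfies `isFullyAuthenticated()`. A request that presents an invalid bearer token is still answered with 401 by the resource server's bearer token filter.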
