我正在创建rest API并实现Spring Security -一切都运行良好,但我希望(目前,我还在开发中)任何人都能在未经授权的情况下打开localhost:8080/console。
@Override
protected void configure(HttpSecurity http) throws Exception {
// allow everyone to register an account; /console is just for testing
http.authorizeRequests().antMatchers("/register", "/console").permitAll();
http.authorizeRequests().anyRequest().fullyAuthenticated();
// making H2 console working
http.headers().frameOptions().disable();
/*
https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#when-to-use-csrf-protection
for non-browser APIs there is no need to use csrf protection
*/
http.csrf().disable();
}真正奇怪的是- localhost:8080/register不需要任何身份验证,但/console返回:
{
"timestamp": 1485876313847,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/console"
}有人知道怎么修吗?
5条答案
按热度按时间92dk7w1h1#
我也有同样的问题:
最终
WebSecurityConfigurerAdapter:emeijp432#
我通过以下方法解决了问题:
eaf3rand3#
我有一个类似的配置。你能试试吗?
6tdlim6h4#
我通过以下方法解决了问题:
http.头文件().帧选项().相同的源文件();
qvsjd97n5#
解决人:
并为
toH2Console()导入: