英文:
Spring Boot Rest response returning login.jsp
问题
[![在这里输入图片描述][1]][1][![在这里输入图片描述][2]][2]
我正在学习Spring Boot。我创建了一个带有Spring Boot安全性的示例**Spring Boot Web应用程序**,并且它运行得非常完美。<br> 现在我想在同一个Web应用程序中添加Rest Webservices功能。<br>
<b>问题:</b>
当我尝试访问任何API时,响应中会得到login.jsp。<br>
<b>要求:</b> 我希望获得JSON响应身份验证,无需进行授权。<br>
我需要进行哪些更改才能实现这一点。<br>
<br><b>WebSecurityConfig :</b><br>
```java
@Configuration
@EnableWebSecurity <br>
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Qualifier("userDetailsServiceImpl") <br>
@Autowired <br>
private UserDetailsService userDetailsService;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/registration").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return authenticationManager();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
}
<details>
<summary>英文:</summary>
[![enter image description here][1]][1][![enter image description here][2]][2]
I am learning Spring Boot. I created a sample **Spring Boot Web Application** with **Spring Boot security** and it is working perfectly.<br> Now I want to add Rest Webservices functionality in same web application.<br>
<b>ISSUE:</b>
When i am trying to access any API, in response I am getting login.jsp .<br>
<b>Requirement:</b> I want JSON respnse authentication and authorization not required.<br>
What changes I need to do to achieve this.<br>
<br><b>WebSecurityConfig :</b><br>
@Configuration
@EnableWebSecurity <br>
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Qualifier("userDetailsServiceImpl") <br>
@Autowired <br>
private UserDetailsService userDetailsService;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/registration").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return authenticationManager();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
}
[1]: https://i.stack.imgur.com/Y4KjJ.png
[2]: https://i.stack.imgur.com/owpDH.png
</details>
# 答案1
**得分**: 1
将该路径添加到`antMatchers`以允许所有访问,
```java
antMatchers("/resources/**", "/registration", "/api/user/**").permitAll()
这将禁用该URL的安全性。
英文:
Add that path to antMatchers to permitAll,
antMatchers("/resources/**", "/registration", "/api/user/**").permitAll()
this will disable security for that URL
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论