禁用基本身份验证(Spring Security)一次请求,对于所有其他请求保留。

huangapple go评论68阅读模式
英文:

Disable Basic Authentication(Spring Security) for one request and leave for all any

问题

如何在一个请求中禁用基本身份验证,而在所有其他请求中保留它。
我尝试过这样做,但对我来说没有用。

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/registration").permitAll()
        .and()
        .authorizeRequests()
            .anyRequest().authenticated().and().httpBasic();
}

基本身份验证仍然适用于 "/registration"。

英文:

How can i disable basic authentication for one request and leave it for all any requests.
I try do it, but these not work for mi.

@Override
protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
                .antMatchers(HttpMethod.POST, "/registration").permitAll()
            .and()
             .authorizeRequests()
        .anyRequest().authenticated().and().httpBasic();
}

Basic authentication still work for "/registration".

答案1

得分: 2

我假设 /registration 是您创建的网页。然后应该是这样的:

http.csrf()
    .disable()
    .httpBasic()
    .and()
    .authorizeRequests()
    .antMatchers(HttpMethod.GET, "/registration")
    .permitAll()
    .anyRequest()
    .authenticated()

如果这是一个 API 端点而不是网页,或者由于某些原因您也有一个针对 /registrationPOST 请求,那么您应该使用 HttpMethod.POST,并将 HttpMethod.GET 完全删除,只保留 /registrationantMatchers 中。

英文:

I assume the /registration is a web page which you have created. Then it should be

http.csrf()
    .disable()
    .httpBasic()
    .and()
    .authorizeRequests()
    .antMatchers(HttpMethod.GET,"/registration")
    .permitAll()
    .anyRequest()
    .authenticated()

You should use HttpMethod.POST if it is an API endpoint and not a webpage, or for some reason if you have a POST request for the /registration as well then remove the HttpMethod.GET all together and just leave /registration in the antMatchers

huangapple
  • 本文由 发表于 2020年6月6日 00:09:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/62219671.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定