英文:
Disable Basic Authentication(Spring Security) for one request and leave for all any
问题
如何在一个请求中禁用基本身份验证,而在所有其他请求中保留它。
我尝试过这样做,但对我来说没有用。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/registration").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated().and().httpBasic();
}
基本身份验证仍然适用于 "/registration"。
英文:
How can i disable basic authentication for one request and leave it for all any requests.
I try do it, but these not work for mi.
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/registration").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated().and().httpBasic();
}
Basic authentication still work for "/registration".
答案1
得分: 2
我假设 /registration 是您创建的网页。然后应该是这样的:
http.csrf()
.disable()
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/registration")
.permitAll()
.anyRequest()
.authenticated()
如果这是一个 API 端点而不是网页,或者由于某些原因您也有一个针对 /registration 的 POST 请求,那么您应该使用 HttpMethod.POST,并将 HttpMethod.GET 完全删除,只保留 /registration 在 antMatchers 中。
英文:
I assume the /registration is a web page which you have created. Then it should be
http.csrf()
.disable()
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET,"/registration")
.permitAll()
.anyRequest()
.authenticated()
You should use HttpMethod.POST if it is an API endpoint and not a webpage, or for some reason if you have a POST request for the /registration as well then remove the HttpMethod.GET all together and just leave /registration in the antMatchers
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论