我有下面的jwt配置,但是我想允许所有请求进入我的swagger用户界面我尝试过用permitall()添加antmatcher,但是没有成功。
有人能帮我吗?
@EnableWebSecurity
public class JwtAuthConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(getJwtAuthenticationConverter());
}
private Converter<Jwt, AbstractAuthenticationToken> getJwtAuthenticationConverter() {
JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
converter.setJwtGrantedAuthoritiesConverter(jwt -> {
Map<String, Object> claims = jwt.getClaims();
String userType = (String) claims.get("custom:userType");
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
if(!StringUtils.isEmpty(userType))
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + userType));
return grantedAuthorities;
});
return converter;
}
}
我也定义了这个rest前缀:
server:
port: 5000
servlet:
context-path: /api/v1
1条答案
按热度按时间23c0lvtd1#
我猜你需要这样的东西:
看起来您仍然需要确保其他请求使用oauth过滤器进行了身份验证。看看这里的.authenticated()示例:oauth filter spring