为什么permitall()返回403 spring security?

mnemlml8  于 2021-07-12  发布在  Java
关注(0)|答案(1)|浏览(679)

我已经创建了一个在数据库中持久化用户详细信息的方法,还有一个在端点/寄存器中公开的控制器。我想让/register端点对所有人都可用。我使用了spring安全机制,并为/register端点提供了所有许可。

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final UserDetailsServiceImpl userDetailsService;

    @Autowired
    public WebSecurityConfiguration(UserDetailsServiceImpl userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(
                request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
                .anyRequest().authenticated()
            );
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
       return new BCryptPasswordEncoder();
    }
}

有人能解释一下或者帮我解释一下为什么permitall不在我的案子里工作吗。根据我编写的代码,/寄存器端点应该返回用户详细信息,但它返回403。/register端点是一个rest端点,它将用户详细信息作为输入,并在将详细信息持久化到数据库后返回用户详细信息作为输出。

@Slf4j
@RestController
public class RegistrationController {

    private final UserDetailsServiceImpl userDetailsService;

    @Autowired
    public RegistrationController(UserDetailsServiceImpl userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @PostMapping(value = "/register")
    public ResponseEntity<Users> registerNewUser(@Valid @RequestBody Users users) throws EmailAlreadyExistsException {
        Users usersDetails = userDetailsService.processRegistration(users);
        log.info("{}, Information: Successfully persisted new user",this.getClass().getSimpleName());
        return new ResponseEntity<>(usersDetails,HttpStatus.OK);
    }
}
dluptydi

dluptydi1#

我猜你是通过curl或postman打电话给url的。然后必须禁用csrf或使用getMap。

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests(
            request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
            .anyRequest().authenticated()
        );
}

相关问题