示例 Controller
如下:
package com.delivery.orders
import org.springframework.web.bind.annotation.*
@RestController
@RequestMapping("/order")
class OrderController(val orderRepository: OrderRepository) {
@GetMapping
fun findOrdersByUser(): Iterable<ViewOrder> = orderRepository.findAll().map { it.toView() };
@GetMapping("/hi")
fun hi(): String = "Cool";
// @PostMapping
// fun create(@RequestBody createOrder: CreateOrder): ViewOrder =
// orderRepository.save(Order(name = createOrder.name)).toView()
}
访问 api/v1/order/hi
时,返回 401 Unauthorized。
而 SpringSecurity
中已经设置了 permitAll
。
package com.delivery.config
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
@Configuration
@EnableWebSecurity
class SecurityConfig() {
fun configure(http: HttpSecurity): SecurityFilterChain {
http
.authorizeHttpRequests { auth ->
auth.anyRequest().permitAll()
}
// http.authorizeHttpRequests { auth ->
// auth
// .requestMatchers("/api/v*/auth/**", "/auth/**").permitAll()
// .anyRequest().authenticated()
// }
// http.addFilterBefore(firebaseTokenFilter, UsernamePasswordAuthenticationFilter::class.java)
return http.build()
}
}
有人能帮我看看吗?