如何允许匿名访问@RequestMapping？

Question

如何定义@RequestMapping 方法以显式允许匿名（未经授权）访问？

以下不起作用，总是得到401 Unauthorized：

@RequestMapping("/test")
@Secured(value={"ROLE_ANONYMOUS"})
public String test() {
    return "OK";
}

一般来说，整个应用程序的安全性如下，使用spring-boot：

security.basic.enabled=true.

@Configuration
public class AuthConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }
}

Answer 1

您可以覆盖configure(HttpSecurity httpSecurity) 方法并在那里定义您的规则：

@Configuration
public class AuthConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception
    {
        httpSecurity.authorizeRequests()
           .antMatchers("/test")
           .permitAll();
        super.configure(http);
    }
}

Answer 2

@Configuration
public class AuthConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception
    {
        httpSecurity.authorizeRequests().regexMatcher("^((?!test).)*$").permitAll();
    }
}

我不确定test 之前是否有斜线，但请尝试这种否定的环视方法。