在pom.xml中配置了
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> |
但是在程式中沒有實作 WebSecurityConfigurerAdapter, 配置通路path的授權。
@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled=true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure( HttpSecurity httpSecurity ) throws Exception { //httpSecurity.authorizeRequests().anyRequest().permitAll(); httpSecurity.csrf().disable(); httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests() .antMatchers(HttpMethod.OPTIONS, "/**").permitAll() .antMatchers(HttpMethod.POST).permitAll() .antMatchers(HttpMethod.PUT).permitAll() .antMatchers(HttpMethod.DELETE).permitAll() .antMatchers(HttpMethod.GET).permitAll(); httpSecurity.headers().cacheControl(); } } |