I need to expose several endpoints on my spring boot application. I used oauth2 to implement security using tokens, but need a couple endpoints to be public and not requiring authorization token.
I've tried (from several articles I found) implementing a WebSecurityConfigurerAdapter
configuration class like this:
@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) {
httpSecurity
.antMatcher("/**")
.authorizeRequests()
.antMatchers('/actuator/jolokia', '/graphiql', '/voyager')
.permitAll()
.anyRequest()
.authenticated()
}
} , but to no avail, the endpoints keep asking for a token to be accessed
The pom.xml
dependency I used for enabling oauth is this: <dependency> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> <version>${spring-security-oauth2.version}</version> </dependency>
Also, this is the config class for the authorization server for oauth:
@Component
@EnableResourceServer
@EnableAuthorizationServer
class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Value('${application.oauth.clientId}')
String clientId
@Value('${application.oauth.secret}')
String clientSecret
@Value('${application.oauth.accessTokenExpirationSeconds}')
Integer accessTokenExpirationSeconds
@Value('${application.jwt.key}')
String jwtKey
AuthenticationManager authenticationManager
AuthorizationServerConfiguration(AuthenticationConfiguration authenticationConfiguration) throws Exception {
this.authenticationManager = authenticationConfiguration.getAuthenticationManager()
}
@Override
void configure(ClientDetailsServiceConfigurer clients) throws Exception {
PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder()
String encoded = passwordEncoder.encode(clientSecret)
clients.inMemory()
.withClient(clientId)
.secret(encoded)
.authorizedGrantTypes("client_credentials")
.scopes("all")
.accessTokenValiditySeconds(accessTokenExpirationSeconds)
}
@Override
void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager)
.accessTokenConverter(accessTokenConverter())
}
@Bean
JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter()
converter.setSigningKey(jwtKey)
converter.setVerifierKey(jwtKey)
converter.afterPropertiesSet()
converter
}
@Bean
TokenStore tokenStore() {
new JwtTokenStore(accessTokenConverter())
}
In your SecurityConfig you need to join the separate statements together with .and() otherwise they are all concatenated together in a single statement.
Try this:
httpSecurity
.antMatcher("/**")
.authorizeRequests()
.and()
.authorizeRequests().antMatchers('/actuator/jolokia', '/graphiql', '/voyager').permitAll()
.and()
.authorizeRequests().anyRequest().authenticated();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.