Authorization Server

Author: 乙腾 | Published: 2020-10-11 22:03

WebSecurityConfiguration

Excluding paths from interception
web.ignoring

 /**
     * @MethodName: configure
     * @Description: Exclude /user/login from interception
     * @Param: [web]
     * @Return: void
     * @Author: pl
     * @Date: 23:16
    **/
    @Override
    public void configure(WebSecurity web) throws Exception {
       /* web.ignoring()
                .antMatchers("/user/login");*/
    }

Accessing /user/login without the ignore rule configured:
{
    "error": "unauthorized", # not authorized
    "error_description": "Full authentication is required to access this resource"
}

Authorizing access paths

antMatchers

 /**
     * @MethodName: configure
     * @Description: Authorization
     * @Param: [http]
     * @Return: void
     * @Author: pl
     * @Date: 0:03
    **/
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                // Added access authorization rules
                .antMatchers("/user/info").hasAuthority("ADMIN");
               /* .antMatchers("/user/logout").hasAuthority("ADMIN");*/
    }
{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}

Different roles

The user has the USER role, but the access path requires ADMIN.

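 @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        // Username matches (constant first, so a null userName cannot throw a NullPointerException)
        if (USERNAME.equals(userName)) {
            List<GrantedAuthority> grantedAuthorities = Lists.newArrayList();
            // In-memory mode: grant the USER authority
            GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("USER");
            grantedAuthorities.add(grantedAuthority);
            return new User(USERNAME, PASSWORD, grantedAuthorities);
        }
        // Username does not match: the UserDetailsService contract forbids returning null
        else {
            throw new UsernameNotFoundException("User not found");
        }
    }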

Require the ADMIN authority for /user/logout

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                // Added access authorization rules
                .antMatchers("/user/info").hasAuthority("ADMIN")
                .antMatchers("/user/logout").hasAuthority("ADMIN");
    }
{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}

At this point nothing is printed in the log, which shows that the request was intercepted directly.
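Added example, not the author's code: the same rules written deny-by-default. `/user/login` is opened with `permitAll()` rather than `web.ignoring()`, so the request still passes through the Spring Security filter chain, and every path without an explicit rule requires authentication. The class name `DenyByDefaultSecurityConfiguration` and the decision to disable CSRF are assumptions, not something this page states.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical class name; paths and the "ADMIN" authority are the ones used on this page.
@Configuration
@EnableWebSecurity
public class DenyByDefaultSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // Assumption: a stateless token API with no cookie-based session.
                // With CSRF left enabled, a POST to /user/login that goes through
                // the filter chain would need a CSRF token.
                .csrf().disable()
                .exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                // Public endpoint. Unlike web.ignoring(), the request is still
                // processed by the security filters (headers, context, logging).
                .antMatchers("/user/login").permitAll()
                // hasAuthority compares the exact string, so it matches
                // new SimpleGrantedAuthority("ADMIN"); hasRole("ADMIN") would
                // look for "ROLE_ADMIN" instead.
                .antMatchers("/user/info", "/user/logout").hasAuthority("ADMIN")
                // Any path with no explicit rule requires an authenticated caller,
                // so a newly added endpoint is never open by omission.
                .anyRequest().authenticated();
    }
}
```

Rules are evaluated in declaration order, so `anyRequest()` must stay last.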
