小贝子编程

JHipster/Rect-匿名(登录前)从服务器获取数据



我已经生成了一个JHipster应用程序(客户端使用ReactJs(。我正试图创建一个匿名请求到服务器,以在没有身份验证的情况下获取数据,但我收到了

{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}

我在服务器端使用网关和游戏服务。我已经添加到网关SecurityConfiguration.java文件

.and()
.authorizeRequests()
.antMatchers("/api/published-games").permitAll()

以及游戏服务SecurityConfiguration.java文件

.and()
.authorizeRequests()
.antMatchers("/api/published-games").permitAll()

但仍然会出现未经授权的错误。

我认为您没有编写所有的SecurityConfiguration.java.

您需要指定允许所有人使用的整个端点路径:

.and()
.authorizeRequests()
.antMatchers("/app/test").permitAll()
....

您需要像在LogoutResource.logout方法中看到的那样实现服务,有些类似于:

@RestController
@RequestMapping("/app")
public class PublicResource {
private final Logger log = LoggerFactory.getLogger(PublicResource.class);
private final UserService userService;
public PublicResource(UserService userService) {
this.userService = userService;
}
@GetMapping("/test")
public ResponseEntity<?> getATest(Pageable pageable) {               
Map<String, String> logoutDetails = new HashMap<>();
logoutDetails.put("A", "One");
logoutDetails.put("B", "Two");        
return ResponseEntity.ok().body(logoutDetails);
}
...

您必须在网关的application*.ymljhipster.gateway.authorized-microservices-endpoints属性下配置授权端点。这是AccessControlFilter的配置源。别忘了在注册表中更新它。

在您的情况下,它应该是:

gateway:
authorized-microservices-endpoints: # Access Control Policy, if left empty for a route, all endpoints will be accessible
game: /api,/api/published-games

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium