当前位置: 动力学知识库 > 问答 > 编程问答 >

spring boot - How to exclude a URL when usinf PCF SSO service with EnableOAuth2Sso annotation?

问题描述:

I am using Angular and Spring Boot to build a Single Page app with Rest API. Here is my configuration:

@SpringBootApplication

@EnableOAuth2Sso

public class AppConfig extends SpringBootServletInitializer implements ApplicationContextAware {

@Override

protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {

return application.sources(AppConfig.class);

}

public static void main(String[] args) {

ApplicationContext appContext = SpringApplication.run(AppConfig.class);

context = appContext;

}

@Configuration

protected static class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override

protected void configure(HttpSecurity http) throws Exception {

http.authorizeRequests()

.antMatchers("/healthcheck", "/").permitAll()

.antMatchers("/api/**").authenticated()

.anyRequest().authenticated();

}

}

}

The SSO service I am using is provided by Pivotal Cloud Foundry[PCF]. Everything was fine before I included

SecurityConfig

class. As soon as the app is loaded, user is redirected to the SSO login page and then redirected back to the app. But I need to exclude the "healthcheck" URL from authentication. That is why I included the SecurityConfig class. But now the SSO Authentication is not working at all. I could only reach /healthcheck.

I followed this example https://spring.io/guides/tutorials/spring-boot-oauth2/

Can someone please let me know what is wrong with my code?

Thanks.

网友答案:

I figured it out. I had to move my EnableOAuth2Sso to the WebSecurityConfigurerAdapter. Like this:

@SpringBootApplication
public class AppConfig extends SpringBootServletInitializer implements ApplicationContextAware  {

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(AppConfig.class);
    }

    public static void main(String[] args) {
        ApplicationContext appContext = SpringApplication.run(AppConfig.class);
        context = appContext;
    }

    @Configuration
    @EnableOAuth2Sso
    protected static class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/healthcheck", "/").permitAll()
                    .antMatchers("/api/**").authenticated()
                    .anyRequest().authenticated();
        }
    }

}
分享给朋友:
您可能感兴趣的文章:
随机阅读: