使用 OAUTH2 的 Spring 反应式安全无法排除端点（始终返回 401）

发布于 2025-01-13 09:18:13 字数 838 浏览 0 评论 0原文

正在使用反应式安全实现构建反应式 REST API。但我无法从 OAUTH2 服务器（运行状况检查端点）中排除某些端点。即使我将它们添加到我的安全配置中，它也不起作用。它始终返回该端点的 401 请求。

我的安全配置类是

@Configuration
@Slf4j
public class SecurityConfiguration {

    @Bean
    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
                .httpBasic().disable()
                .formLogin().disable()
                .csrf().disable()
                .authorizeExchange(exchange -> exchange.pathMatchers("/myapp/healthcheck")
                        .permitAll()
                        .anyExchange()
                        .authenticated())
                .oauth2ResourceServer(oauth2 ->
                        oauth2
                                .jwt(Customizer.withDefaults())
                )
                .build();
    }
}

原文

Am building the reactive rest APIs with reactive security implementation. But am unable to exclude some of the end points from OAUTH2 server(Health check end point). Even though am adding those in my security configuration its not working. It always return 401 request for that end point.

My Security configuration class would be

@Configuration
@Slf4j
public class SecurityConfiguration {

    @Bean
    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
                .httpBasic().disable()
                .formLogin().disable()
                .csrf().disable()
                .authorizeExchange(exchange -> exchange.pathMatchers("/myapp/healthcheck")
                        .permitAll()
                        .anyExchange()
                        .authenticated())
                .oauth2ResourceServer(oauth2 ->
                        oauth2
                                .jwt(Customizer.withDefaults())
                )
                .build();
    }
}

分享到QQ

分享到微博