search

spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0
8.72k stars 5.87k forks source link

Why @PermitAll annotation didn't work #6974

Closed Taogang00 closed 5 years ago

Taogang00 commented 5 years ago

I want to make some API methods do not require authentication.I use @PermitAll ,but its didn't work ,How is this going??

@RestController
@RequestMapping("/v1")
@SpringBootApplication
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class DemoSecurityApplication extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(DemoSecurityApplication.class, args);
    }

    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build());
        return manager;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .httpBasic();
    }

    @PermitAll
    @GetMapping("/get")
    public String get() {
        return "springsecurity";
    }
}

When I request http://localhost:8080/get, it redirect to http://localhost:8080/login

Taogang00 commented 5 years ago

springboot version is 2.1.5.RELEASE

rwinch commented 5 years ago

This question appears to be more suited for StackOverflow. Please ask there with the spring-security tag. If you have a bug or feature request, feel free to reopen/create a new ticket with additional details.