将@Order(-10)添加到WebSecurityConfig可以解决此问题.我认为这个annoation确保在ResourceConfig之前使用WebSecurityConfig.我的最终配置如下所示:
@Configuration
@Order(-10)
public class WebSecurityConfig
extends WebSecurityConfigurerAdapter
{
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.parentAuthenticationManager(authenticationManager);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests().antMatchers("/oauth/authorize").authenticated()
.and()
.authorizeRequests().anyRequest().permitAll()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.csrf().disable();
// @formatter:on
}
}
京公网安备 11010802040832号 | 京ICP备19059560号-6 