我想创建一个用户无需登录即可访问的页面,例如一篇博文。我已经设置了一个微服务应用程序(角度为2的Jhipster 4)。
这是来自网关的.yo-rc.json文件。
{
"generator-jhipster": {
"promptValues": {
"packageName": "com.jhipster.blog",
"nativeLanguage": "en"
},
"jhipsterVersion": "4.4.1",
"baseName": "gateway",
"packageName": "com.jhipster.blog",
"packageFolder": "com/jhipster/blog",
"serverPort": "8080",
"authenticationType": "jwt",
"hibernateCache": "hazelcast",
"clusteredHttpSession": false,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "mysql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": "eureka",
"buildTool": "maven",
"enableSocialSignIn": false,
"jwtSecretKey": "c6c434f1cd39a1866adec9aaab7e9fc42d736621",
"clientFramework": "angular2",
"useSass": true,
"clientPackageManager": "yarn",
"applicationType": "gateway",
"testFrameworks": [
"gatling",
"cucumber",
"protractor"
],
"jhiPrefix": "jhi",
"enableTranslation": true,
"nativeLanguage": "en",
"languages": [
"en",
"sv"
]
}
}
在/gateway/src/main/webapp/app/entities/blog/blog.route.ts我已删除了权限中的角色
export const blogRoute: Routes = [
{
path: 'blog',
component: BlogComponent,
data: {
authorities: [], <--- REMOVED ROLE
pageTitle: 'gatewayApp.blog.home.title'
},
canActivate: [UserRouteAccessService]
}, {
path: 'blog/:id',
component: BlogDetailComponent,
data: {
authorities: [], <--- REMOVED ROLE
pageTitle: 'gatewayApp.blog.home.title'
},
canActivate: [UserRouteAccessService]
}
];
并在/gateway/src/main/java/se/jh/blog/config/SecurityConfiguration.java
.authorizeRequests()
.antMatchers("/api/blogs").permitAll() <-- Added paths
.antMatchers("/api/blogs/**").permitAll() <-- Added paths
.antMatchers("/api/register").permitAll()
.antMatchers("/api/activate").permitAll()
...
但是当我尝试访问localhost:8080/#/blog/1时仍然获得401并拒绝访问。我做错了什么?
答案 0 :(得分:0)
接收401错误意味着API端点仍然是安全的。网关的SecurityConfiguration仅适用于网关。并且网关只是将您的请求代理到您的微服务。
您的微服务也有自己的MicroserviceSecurityConfiguration.java,您应该编辑此文件并将permitAll()设置为博客API。
答案 1 :(得分:0)
博客!=博客
一部分是您允许每个人访问&#34;博客&#34; - 但你正试图获得博客&#34;