I try to use Swagger with my GET, POST and PUT endpoints. When I try to trigger the GET endpoint without authentication it returns 401, but POST and PUT return 403. Why is that so different? I would like all of them to return 401 if there is no authentication. Here is my controller:

@Controller
@RequestMapping(value = {"/abc"}, produces = {"application/json"})
public class MyController {

    @ApiOperation(value = "Create", notes = "", response = Dto.class, authorizations = {
        @Authorization(value = "oauth2schema", scopes = {
            @AuthorizationScope(scope = "read", description = "read")
        })
    }, tags = {})
    @RequestMapping(value = "/v1",
        produces = {"application/json"},
        method = RequestMethod.POST)
    public ResponseEntity<Dto> create(
            @ApiParam(value = "") @RequestBody Dto dto) {
        return ...;
    }

    @ApiOperation(value = "Get", notes = "", response = Dto.class, authorizations = {
        @Authorization(value = "oauth2schema", scopes = {
            @AuthorizationScope(scope = "read", description = "read")
        })
    }, tags = {})
    @RequestMapping(value = "/v1",
        produces = {"application/json"},
        method = RequestMethod.GET)
    public ResponseEntity<Dto> get() {
        return ... ;
    }
}

Then I have some auth settings

@Configuration
@EnableWebSecurity
@EnableDiscoveryClient
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .authorizeRequests()
                .antMatchers("/metrics").permitAll()
                .antMatchers("/health").permitAll()
                .antMatchers("/info").permitAll()
                .antMatchers("/swagger.json").permitAll()
                .antMatchers("/abc/**").authenticated()
                .and()
            .exceptionHandling()
                .and()
            .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
        // @formatter:on
        return http.build();
    }
}