When do we use antMatcher vs. antMatchers?

For example:

What I expect here is:

- Any request that matches /highlevelurlA/. should be authenticated + /highlevelurlA/sublevel1 only for USER and /highlevelurlA/sublevel2 only for USER2
- Any request that matches /highlevelurlB/. should be authenticated + /highlevelurlB/sublevel1 for public access and /highlevelurlA/sublevel2 only for USER3.
- Any other pattern I don't care - But should be public?

I have seen that the latest examples do not include antMatcher these days. Why is that? Is antMatcher no longer required?
3 Answers
You need antMatcher for multiple HttpSecurity, see Spring Security Reference: 5.7 Multiple HttpSecurity

We can configure multiple HttpSecurity instances just as we can have multiple <http> blocks. The key is to extend the WebSecurityConfigurationAdapter multiple times. For example, the following is an example of having a different configuration for URL's that start with /api/.

1 Configure Authentication as normal
2 Create an instance of WebSecurityConfigurerAdapter that contains @Order to specify which WebSecurityConfigurerAdapter should be considered first.
3 The http.antMatcher states that this HttpSecurity will only be applicable to URLs that start with /api/
4 Create another instance of WebSecurityConfigurerAdapter. If the URL does not start with /api/ this configuration will be used. This configuration is considered after ApiWebSecurityConfigurationAdapter since it has an @Order value after 1 (no @Order defaults to last).

In your case you need no antMatcher, because you have only one configuration. Your modified code:

dur
I'm updating my answer.

antMatcher is a method of HttpSecurity, it doesn't have anything to do with authorizeRequests. Basically, http.antMatcher tells Spring to only configure HttpSecurity if the path matches this pattern.

The authorizeRequests.antMatchers is then used to apply authorization to one or more paths you specify in antMatchers. Such as permitAll or hasRole('USER3'). These only get applied if the first http.antMatcher is matched.

Patrick Grimard
Basically http.antMatcher tells Spring to only configure HttpSecurity if the path matches this pattern.

Darshan
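
The distinction the answers above draw, shown as an added example (not code from the original posts or from the Spring reference): it targets the Spring Security 5.x WebSecurityConfigurerAdapter API the answers refer to, and the sub-paths under /api/ and /public/, the role name and the class names are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example for the Spring Security 5.x WebSecurityConfigurerAdapter API.
// Sub-paths, role name and class names are assumptions, not from the page.
@EnableWebSecurity
public class MultiHttpSecurityConfig {

    // Chain 1: considered first, and only for requests under /api/.
    @Configuration
    @Order(1)
    public static class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // antMatcher (singular) scopes this whole HttpSecurity.
                .antMatcher("/api/**")
                .authorizeRequests()
                    // antMatchers (plural) are per-path rules; the first
                    // match wins, so specific paths precede the catch-all.
                    .antMatchers("/api/admin/**").hasRole("ADMIN")
                    .antMatchers("/api/status").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .httpBasic();
        }
    }

    // Chain 2: no @Order, so it is considered last and handles every
    // request that did not match /api/**.
    @Configuration
    public static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/public/**").permitAll()
                    // Deny by default: paths no rule names need a login.
                    .anyRequest().authenticated()
                    .and()
                .formLogin();
        }
    }
}
```

A rule placed after `anyRequest()` or after a broader pattern never takes effect, which is the usual way a `permitAll` or `hasRole` rule ends up silently unenforced.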