我有以下代码来配置HttpSecurity
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class JwtSecurityConfiguration(
@Autowired private val jwtConfig: JwtConfig
) : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity?) {
http!!
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling().authenticationEntryPoint({ _, res, _ -> res.sendError(HttpServletResponse.SC_UNAUTHORIZED) })
.and()
.antMatcher("/**").authorizeRequests().anyRequest().authenticated()
.and()
.antMatcher("/login/**").authorizeRequests().anyRequest().permitAll()
.and()
.addFilterBefore(JwtTokenAuthenticationFilter(jwtConfig), BasicAuthenticationFilter::class.java)
}
}
在此示例中,未调用我的自定义过滤器JwtTokenAuthenticationFilter。但是,如果我删除此行
.antMatcher("/login/**").authorizeRequests().anyRequest().permitAll()
一切正常。如何过滤所有其他路径,允许所有对/login/**的请求?
谢谢