我已经为我的其他服务创建了安全性,并且我使用自定义过滤器进行身份验证,使用" AbstractAuthenticationProcessingFilter"这是我的配置。
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="personDetailsService">
<security:password-encoder base64="true" hash="md5">
<security:salt-source user-property="username"/>
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http entry-point-ref="restAuthenticationEntryPoint"
use-expressions="true" auto-config="false" create-session="stateless" >
<security:custom-filter ref="myAppAuthenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER"/>
<security:intercept-url pattern="/my/rest/**" access="isAuthenticated()"/>
<security:anonymous enabled="false"/>
<security:logout />
</security:http>
<bean class="my.web.auth.AppTokenAuthenticationFilter"
id="myAppAuthenticationTokenProcessingFilter">
<constructor-arg ref="requestMatcher"></constructor-arg>
</bean>
<bean class="my.web.auth.PersonDetailService" id ="personDetailsService"></bean>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher" id="requestMatcher">
<constructor-arg type="java.lang.String" value="/my/**"></constructor-arg>
</bean>
<bean class="my.web.auth.RestAuthenticationEntryPoint" id ="restAuthenticationEntryPoint">
</bean>
</beans>
使用此配置我的请求或继续调用我的SimpleUrlAuthenticationSuccessHandler调用后进行过滤。即使它没有使用permitAll拦截URL。