Spring安全性从自定义筛选器中排除端点

时间:2016-03-11 11:02:08

标签: spring spring-security spring-boot spring-java-config

具有弹簧安全配置:

http.antMatcher("/**/v1/public/company/employees/**")
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**/v1/public/company/employees/A").permitAll()
                .antMatchers(HttpMethod.POST, "/**/v1/public/company/employees/B").permitAll()
                .antMatchers("/**/v1/public/company/employees/**")
                .authenticated()
                .and()
                .csrf()
                .disable()
                .addFilterBefore(customFilter, AbstractPreAuthenticatedProcessingFilter.class);

如何从customFilter排除公共端点( A B )?

更新

使用:

@Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers(HttpMethod.OPTIONS, "/**/v1/public/company/employees/A")
                .antMatchers(HttpMethod.POST, "/**/v1/public/company/employees/B")
        }

似乎已经足够了,但我仍然不知道它是否是推荐的方式

0 个答案:

没有答案
相关问题
最新问题