Spring启动安全URL配置

时间:2017-10-17 14:11:53

标签: spring spring-boot spring-security

我已将根路径设置为: - server.contextPath = / myspringBootApp(在Application.propertes中)文件。

并将配置文件更改为: - 

package com.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public CustomAuthenticationEntryPoint unauthorizedHandler;

    @Autowired
    MyDaoAuthenticationProvider authProvider;

    @Bean
    public CustomAuthenticationTokenFilter authenticationTokenFilterBean() {
        return new CustomAuthenticationTokenFilter();
    }

    @Autowired
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider.authProvider());
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .csrf().disable()
                .authorizeRequests()

                // UI related urls
                .antMatchers(
                        HttpMethod.GET,
                        "/",
                        "/myspringBootApp/login",
                       "/content/**",
                        "/*.html",
                        "/favicon.ico",
                        "/**/*.html",
                        "/**/*.css",
                        "/**/*.js",
                        "/assets/**"
                ).permitAll()

                //Back end - auth layer
                .antMatchers("/auth/user").permitAll()

                //Back end - actual rest layer
                .antMatchers(HttpMethod.POST,"/auth/login").permitAll()

                .anyRequest().authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

        httpSecurity.addFilterBefore(authenticationTokenFilterBean(),UsernamePasswordAuthenticationFilter.class)
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

}

以上代码无效并加载UI。我尝试将UI网址更改为/myspringBootApp/favicon.ico,但这也可以提供所需的结果。

任何人都可以帮我找到解决方案吗?

1 个答案:

答案 0 :(得分:0)

我认为您可以使用WebSecurity的{​​{1}}部分:

WebSecurityConfigurerAdapter
相关问题
最新问题