我已将Filter添加为Spring Security中的 @Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/", "/#/", "resources/static/**").permitAll().anyRequest().permitAll()
.antMatchers(HttpMethod.POST, "/api/auth").permitAll().anyRequest().permitAll()
.anyRequest().authenticated()
.and()
// We filter the api/login requests
.addFilterBefore(new JWTLoginFilter("/api/auth", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// And filter other requests to check the presence of JWT in header
.addFilterBefore(new JWTAuthenticationFilter(),
UsernamePasswordAuthenticationFilter.class);
}
:
/api/auth不幸的是,我的controller应用中的Spring Boot请求没有filter。它仅适用于 @Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/static/**").anyRequest();
}
。所以前端打了这个api来验证你自己。
在我的应用程序中,我还必须添加
static忽略ignore()个文件,因为第一种方法没有正确排除它。而/api/auth会导致问题,因为它调用.js,它在后端没有等效项,但仅存在于ignore()个文件中。更多/api/auth方法忽略来自404所在路径的所有请求 - 当我想在取消注释ignore()方法时调用时,此api会返回<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css" integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4" crossorigin="anonymous">
<div class="container-fluid">
<div class="row">
<div class="col-3">
<nav class="nav flex-column">
<a class="p-1 nav-link active" href="#">Active</a>
<a class="p-1 nav-link" href="#">Link</a>
<a class="p-1 nav-link" href="#">Link</a>
<a class="p-1 nav-link disabled" href="#">Disabled</a>
</nav>
</div>
<div class="col bg-light">
Here's your content! Added class bg-light for a light gray background.
</div>
</div>
</div>。所以问题是如何使其工作正常?