我正在尝试使用Spring Webfux Security来保护SPA中的路径。要保护的路径是" / ** / orderbook"并且所有其他路径都应该对匿名访问开放。我如何为此配置Spring Security?目前,它始终要求登录,而不仅仅是要保护路径。
我的Webflux配置:
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.csrf().disable()
.httpBasic().disable()
.formLogin().disable()
.logout().disable()
.securityContextRepository(this.jwtSecContextRepository)
.authorizeExchange()
.pathMatchers("/**/orderbook").authenticated()
.anyExchange().permitAll()
.and().build();
}
}
JwtSecContextRepository如下所示:
@Component
public class JwtSecurityContextRepository implements ServerSecurityContextRepository {
@Override
public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
return null;
}
@Override
public Mono<SecurityContext> load(ServerWebExchange exchange) {
LinkedList<SimpleGrantedAuthority> linkedList = new LinkedList<>();
linkedList.add(new SimpleGrantedAuthority("USERS"));
Authentication auth = new JwtAuthenticationToken("user", "password", linkedList);
return Mono.just(new SecurityContextImpl(auth));
}
}
我错过了匿名访问等功能。 SecurityContextRepository尝试提供但没有成功。我似乎对SecurityContextRepository没有任何影响。
有人有什么想法吗?