我使用Spring Security自定义过滤器来获取令牌。但我想在任何自定义URL之前阻止过滤器。在下面的代码中,只有登录URL不会过滤令牌。
http.csrf()
.disable()
.authorizeRequests().antMatchers("/")
.permitAll().antMatchers(HttpMethod.POST, "/login")
.permitAll().antMatchers(HttpMethod.POST, "/api/kullanici/kaydet")
.permitAll().antMatchers(HttpMethod.GET, "/metrics/**")
.permitAll().antMatchers(HttpMethod.GET, "/mappings")
.permitAll().antMatchers(HttpMethod.GET, "/trace")
.permitAll().anyRequest().authenticated().and()
.addFilterBefore(new CORSFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new JWTLoginFilter("/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
例如,当我发布" / api / kullanici / kaydet"我得到访问拒绝例外。如何为上述代码允许此URL。