在Spring Security中,我想要3种特殊URL的配置。主配置类中的每个此类都用@EnableWebSecurity注释。不幸的是,通过输入地址/login/refreshtoken,它们都会触发自己的过滤器。我应该如何限制每个人照顾自己?
第一个配置:
@Configuration
@Order(1)
public static class refreshTokenFilter extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/login/refreshtoken")
.csrf().disable()
.cors().and()
.authorizeRequests()
.antMatchers("/login/refreshtoken").permitAll()
.and().addFilterAfter(refreshTokenFilter(),UsernamePasswordAuthenticationFilter.class);
}
@Bean
public RefreshTokenFilter refreshTokenFilter(){
return new RefreshTokenFilter();
}
}
第二个:
@Configuration
@Order(2)
public static class loginFilter extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/login").authorizeRequests()
.antMatchers("/login").permitAll()
.and().addFilterBefore(loginFilter(),UsernamePasswordAuthenticationFilter.class);
}
@Bean
public LoginFilter loginFilter(){
return new LoginFilter();
}
}
第三个:
@Configuration
@Order(3)
public static class endpointsFilter extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/twitter/**").antMatcher("/instagram/**")
.csrf().disable()
.cors()
.and().rememberMe().disable()
.authorizeRequests()
.antMatchers(HttpMethod.GET,"/twitter/**","/instagram/**").permitAll()
.antMatchers(HttpMethod.GET, AUTH_WHITELIST).permitAll()
.and().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().requestCache().disable()
.logout().and()
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}