下面的代码正在工作,以排除对特定端点的身份验证
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String[] excludeEndPoint = { "/getEmployees" };
private HttpSecurity unifiedConfiguration(HttpSecurity http) throws Exception {
return http
.authorizeRequests()
.antMatchers(HttpMethod.GET, excludeEndPoint).permitAll()
.anyRequest().authenticated();
}
}
但是我想从SpringSecurityConfig类中删除此逻辑,并在方法级别添加一些自定义注释(即UnauthenticateURL)。
Spring Boot API Example :
@GetMapping(path = "/getEmployees")
@UnauthenticateURL
public List<Employee> getEmployeeList() throws Exception {
........
........
Buisiness logic
........
}
Custom Annotation :
@Target({ METHOD})
@Retention(RUNTIME)
public @interface UnauthenticateURL {
}
是否可以通过将Spring Security与Spring Boot应用程序结合使用来实现此逻辑?