我有一个spring安全配置方法。我希望仅当条件匹配时才将特定方法链接到{dev == true ? .antMatchers("/**/**").permitAll(): ()->{}}。像这样的@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.cors().disable()
.authorizeRequests()
{dev == true ? .antMatchers("/**/**").permitAll(): ()->{}} //dev only. NEVER enable on prod
.antMatchers("/", "/signup", "/static/**", "/api/sigin", "/api/signup", "**/favicon.ico").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl("/api/signin")
.successHandler(authSuccessHandler())
.failureHandler(authFailureHandler())
.permitAll()
.and()
.logout()
.permitAll();
}
。当然,这不是有效的语法, MOST CONSISE 的实现方式是什么。寻找最简单的编码。
STDIN答案 0 :(得分:5)
唯一的方法是将中间对象分配给变量。
WhateverAuthorizeRequestsReturns partial = http
.csrf().disable()
.cors().disable()
.authorizeRequests();
if (dev) // note: you don't need 'dev == true' like you had
{
partial.someOptionalThing();
// if the type is immutable then you need to reassign e.g.:
// partial = partial.someOptionalThing()
}
partial.something()
.somethingElse()
.andTheRest();
答案 1 :(得分:1)
如果您要做的就是允许基于布尔值访问某些路径,则可以尝试以下方法:
http
.csrf().disable()
.cors().disable()
.authorizeRequests()
.antMatchers(dev ? "/**/**":"invalid-path").permitAll()
.antMatchers("/", "/signup", "/static/**", "/api/sigin", "/api/signup", "**/favicon.ico").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl("/api/signin")
.successHandler(authSuccessHandler())
.failureHandler(authFailureHandler())
.permitAll()
.and()
.logout()
.permitAll();