我希望安全性仅针对带有URL的特定URL触发,我认为这是绕过spring安全性,但是扩展BasicAuthenticationFilter的添加的授权过滤器正在对每个URL进行触发,我该如何将URL设置为还添加了BasicAuthenticationFilter。我正在实现Jwt令牌。
这是我的配置:
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserServiceImpl userService;
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf()
.disable().authorizeRequests()
.antMatchers("**/auth/**").authenticated()
.anyRequest().permitAll()
.and()
.addFilter(new AuthorizationFilter(authenticationManager()))
.addFilter(authenticationFilter())
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.headers().cacheControl();
}
public AuthenticationFilter authenticationFilter() throws Exception{
final AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager());
authenticationFilter.setFilterProcessesUrl("/login");
return authenticationFilter ;
}
}
答案 0 :(得分:1)
选项
BasicAuthenticationFilter,作为继承的结果,您可以编写自己的身份验证方法,在运行时将从Spring安全性的角度考虑子类的方法。 AbstractAuthenticationFilter并在其中进行所需的过滤。