我只想允许未经身份验证的用户访问以下几个路径:/ everyone1 / something1,/ everyone2 / something2和/ everyone3 / **。 对于其余路径,我只希望允许通过身份验证的请求。
目前,我的“ WebSecurityConfig类扩展了WebSecurityConfigurerAdapter”具有:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(
jwtUtils, this.accessCookie, this.selectedRoleScopeCookie);
httpSecurity.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
httpSecurity.cors().and().csrf().disable();
httpSecurity.authorizeRequests()
.antMatchers("/everyone1/something1", "/everyone2/something2", "/everyone3/**")
.permitAll()
.anyRequest().authenticated()
.and().httpBasic().disable();
}
,在“ jwtAuthenticationFilter”中,将身份验证设置为:
private void setAuthentication2(String username, String someData, boolean authenticated) {
User user = new User(username, "", new ArrayList<>());
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
if (!authenticated) {
authentication.setAuthenticated(false);
}
AuthenticationDetails authenticationDetails = new AuthenticationDetails(someData);
authentication.setDetails(authenticationDetails);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
不幸的是,以上配置阻止了每个请求,无论请求是经过身份验证还是未经身份验证。
任何帮助将不胜感激。
谢谢!
答案 0 :(得分:0)
此方法为经过身份验证的请求授权一些路径。您需要的是:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/everyone1/something1", "/everyone2/something2", "/everyone3/**");
}
然后匿名请求可以访问此路径。