Springboot WebSecurityConfig忽略过滤器

时间:2019-11-04 13:53:03

标签: angular rest authentication jwt websecurity

我的问题是,当我登录时,Spring Boot安全性已经在不存在的情况下要求载体令牌。因此,不应针对特定请求执行过滤器,在我的情况下,该请求为/ authenticate

WebSecurityConfig.java

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // We don't need CSRF for this example
    httpSecurity.csrf().disable()
            // dont authenticate this particular request
            .authorizeRequests().antMatchers(HttpMethod.POST, "/authenticate", "/register").permitAll().
            // all other requests need to be authenticated
                    anyRequest().authenticated().and().
            // make sure we use stateless session; session won't be used to
            // store user's state.
                    exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Add a filter to validate the tokens with every request
    httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}

但是使用这种方法,过滤器总是针对任何请求以及/ authenticate而不是意图执行。

0 个答案:

没有答案