Building Spring HttpSecurity in multiple stages

Time: 2020-05-15 07:59:00

Tags: java spring spring-boot spring-security

This works, allowing access to URLs that start with /public/:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
    @Override
    protected void configure (final HttpSecurity http) throws Exception
    {
        http
            .csrf    ()
            .disable ()
            .authorizeRequests ()
            .antMatchers ("/public/**") .permitAll ()
            .antMatchers ("/**")        .denyAll ()
            .and ()
            .exceptionHandling ()
            .accessDeniedHandler (m_accessDeniedHandler)
            .and ()
            .httpBasic ()
            .authenticationEntryPoint (m_authEntryPoint);
    }
}

This does not; it serves errors saying "Unauthorized":

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
    @Override
    protected void configure (final HttpSecurity http) throws Exception
    {
        http
            .csrf    ()
            .disable ()
            .authorizeRequests ()
            .antMatchers ("/**").denyAll ()
            .and ()
            .exceptionHandling ()
            .accessDeniedHandler (m_accessDeniedHandler)
            .and ()
            .httpBasic ()
            .authenticationEntryPoint (m_authEntryPoint);

        http
            .authorizeRequests ()
            .antMatchers ("/public**") .permitAll ();
    }
}

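I need supplemental authorizeRequests()... matchers based on dynamic configuration.

Why does the second authorizeRequests not work?

How can I set up an initial set of permit/deny matchers and then add to them later?

0 answers:

No answers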
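
An added example, not part of the original question and not the Spring project's own code: Spring Security evaluates authorizeRequests() matchers in registration order and the first match decides, and a second http.authorizeRequests() call appends to the same registry, so a rule registered after "/**" is never reached. The sketch below keeps the registry in a variable, adds permit rules in stages and registers the catch-all deny last; loadDynamicPermitPatterns() and its patterns are hypothetical, and the handler field types are assumed.

```java
import java.util.Arrays;
import java.util.List;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

// Replaces the question's SecurityConfiguration; do not register both.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class StagedSecurityConfiguration extends WebSecurityConfigurerAdapter {
    // Assumed to be Spring beans defined elsewhere, as in the question.
    private final AccessDeniedHandler m_accessDeniedHandler;
    private final AuthenticationEntryPoint m_authEntryPoint;

    public StagedSecurityConfiguration(AccessDeniedHandler accessDeniedHandler,
                                       AuthenticationEntryPoint authEntryPoint) {
        m_accessDeniedHandler = accessDeniedHandler;
        m_authEntryPoint = authEntryPoint;
    }

    // Hypothetical stand-in for the dynamic configuration; values are constructed.
    private List<String> loadDynamicPermitPatterns() {
        return Arrays.asList("/health/**", "/docs/**");
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry rules =
            http.csrf().disable().authorizeRequests();
        // Stage 1: fixed permit rules.
        rules.antMatchers("/public/**").permitAll();
        // Stage 2: supplemental rules, still ahead of the catch-all.
        for (String pattern : loadDynamicPermitPatterns()) {
            rules.antMatchers(pattern).permitAll();
        }
        // Final stage: catch-all deny goes last so it only sees unmatched requests.
        rules.antMatchers("/**").denyAll();
        http.exceptionHandling().accessDeniedHandler(m_accessDeniedHandler)
            .and()
            .httpBasic().authenticationEntryPoint(m_authEntryPoint);
    }
}
```

The question's second snippet also uses "/public**", which as an Ant pattern matches only within a single path segment and does not cover "/public/x"; the example uses "/public/**" as in the working snippet.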