此方法有效,可以访问以/public/
开头的URL:
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Override
protected void configure (final HttpSecurity http) throws Exception
{
http
.csrf ()
.disable ()
.authorizeRequests ()
.antMatchers ("/public/**") .permitAll ()
.antMatchers ("/**") .denyAll ()
.and ()
.exceptionHandling ()
.accessDeniedHandler (m_accessDeniedHandler)
.and ()
.httpBasic ()
.authenticationEntryPoint (m_authEntryPoint);
}
}
这不是,服务错误并显示“未经授权”:
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Override
protected void configure (final HttpSecurity http) throws Exception
{
http
.csrf ()
.disable ()
.authorizeRequests ()
.antMatchers ("/**").denyAll ()
.and ()
.exceptionHandling ()
.accessDeniedHandler (m_accessDeniedHandler)
.and ()
.httpBasic ()
.authenticationEntryPoint (m_authEntryPoint);
http
.authorizeRequests ()
.antMatchers ("/public**") .permitAll ();
}
}
我需要基于动态配置的补充authorizeRequests()...
匹配器。
第二个authorizeRequests
为什么不起作用?
如何设置初始的允许/拒绝匹配器集,然后在以后添加呢?