我试图在春季添加网络安全性,但我不希望过滤器适用于某些事情.怎么在java中完成?
也许还有更好的方法,因为我创建了一个自定义过滤器,但这是我认为实例化它的唯一方法,因为它的依赖性.
总的来说,我想做的是:
/resources/**不应该通过过滤器,
/login(POST)不应该通过过滤器,其他一切都应该通过过滤器
通过我在春天发现的各种例子我能够想出一个开始,但它显然不起作用:
@Configuration
@EnableWebSecurity
@Import(MyAppConfig.class)
public class MySecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
public void configure(WebSecurity webSecurity) throws Exception
{
webSecurity.ignoring().antMatchers("/resources/**");
}
@Override
public void configure(HttpSecurity httpSecurity) throws Exception
{
httpSecurity
.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/login").permitAll();
httpSecurity.httpBasic();
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Bean
@Autowired
public TokenFilterSecurityInterceptor<TokenInfo> tokenInfoTokenFilterSecurityInterceptor(MyTokenUserInfoCache userInfoCache, ServerStatusService serverStatusService, HttpSecurity httpSecurity) throws Exception
{
TokenService<TokenInfo> tokenService = new TokenServiceImpl(userInfoCache);
TokenFilterSecurityInterceptor<TokenInfo> tokenFilter = new TokenFilterSecurityInterceptor<TokenInfo>(tokenService, serverStatusService, "RUN_ROLE");
httpSecurity.addFilter(tokenFilter);
return tokenFilter;
}
}