那些遇到过的问题

相关疑难解决方法(0)

Spring webSecurity.ignoring()不会忽略自定义过滤器

我在Spring 4 MVC + Security + Boot项目中设置了一个自定义身份验证过滤器.过滤器做得很好,现在我想禁用某些URI的安全性(比如/api/**).这是我的配置

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/api/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.authorizeRequests()
                 .anyRequest().authenticated()
              .and()
                 .addFilterBefore(filter, BasicAuthenticationFilter.class);
    }
}
Run Code Online (Sandbox Code Playgroud)

不幸的是,当我在/ api/...下调用资源时,过滤器仍然被链接.我在我的过滤器中添加了println,并在每次调用时将其写入控制台.你知道我的配置有什么问题吗?

UPDATE

过滤代码: 

@Component
public class EAccessAuthenticationFilter extends RequestHeaderAuthenticationFilter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        System.out.println("FILTER");
        if(SecurityContextHolder.getContext().getAuthentication() == null){
            //Do my authentication stuff
            PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(user, credential, authorities); …
Run Code Online (Sandbox Code Playgroud)

java spring spring-mvc spring-security

rat*_*tek
2016 08-26
8
推荐指数
3
解决办法
9609
查看次数

Spring Security配置-HttpSecurity与WebSecurity

我只需要了解Spring Security Configuration中的内容。使用下面的示例...

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .httpBasic()
            .and()
            .authorizeRequests().antMatchers("/secret/**").authenticated()
            .and()
            .authorizeRequests().antMatchers("/**").permitAll();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

}
Run Code Online (Sandbox Code Playgroud)

configure(WebSecurity web)方法的目的是什么?

我不能只是添加/resources/**configure(HttpSecurity http)方法,在这条线.authorizeRequests().antMatchers("/**", "/resources/**").permitAll(); 应该不是它的工作相同,即允许所有的请求/resources/**没有任何身份验证?

java spring-security spring-boot

Kih*_*ats
lucky-day
2
推荐指数
3
解决办法
1007
查看次数

标签 统计

java ×2

spring-security ×2

spring ×1

spring-boot ×1

spring-mvc ×1