Java Spring安全性:排除特定端点
我正在编写一个反应式应用程序,其中我必须使用JWT身份验证。我的问题是,我必须只为特定端点实现安全性,但不幸的是,我的/activator/health也被验证。我如何将/activator从身份验证中排除。下面是我的班级Java Spring安全性:排除特定端点,java,spring,kotlin,spring-security,jwt,Java,Spring,Kotlin,Spring Security,Jwt,我正在编写一个反应式应用程序,其中我必须使用JWT身份验证。我的问题是,我必须只为特定端点实现安全性,但不幸的是,我的/activator/health也被验证。我如何将/activator从身份验证中排除。下面是我的班级 @Configuration class SpringSecurityConfiguration { @Bean fun AuthenticationFilter(): AuthenticationFilter = AuthenticationFil
@Configuration
class SpringSecurityConfiguration {
@Bean
fun AuthenticationFilter(): AuthenticationFilter = AuthenticationFilter())
@Bean
fun springWebFilterChain(
http: ServerHttpSecurity,
AuthenticationFilter: AuthenticationFilter
): SecurityWebFilterChain
{
val abc = http
.cors().disable()
.csrf().disable()
.httpBasic().disable()
.logout().disable()
.authorizeExchange {
it.pathMatchers("/api/v1/**").authenticated().and()
.addFilterAt(AuthenticationFilter, SecurityWebFiltersOrder.HTTP_BASIC)
}
.build()
return abc
}
下面的过滤器每次都会被调用,尽管我提到它是bean,甚至对于/exactor端点也是如此,我希望只有在调用/api/v1/**的情况下才会调用它
class AuthenticationFilter() : WebFilter
{
override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> {
val authentication: Authentication = authenticate here.....
val path =exchange
return chain.filter(exchange)
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
}
}
class AuthenticationFilter():WebFilter
{
覆盖有趣的过滤器(exchange:ServerWebExchange,链:WebFilterChain):Mono{
val身份验证:身份验证=在此处进行身份验证。。。。。
val路径=交换
返回链。过滤器(交换)
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(身份验证))
}
}