Spring boot Spring安全排除url
我添加了两个过滤器,如下所示Spring boot Spring安全排除url,spring-boot,spring-security,Spring Boot,Spring Security,我添加了两个过滤器,如下所示 JWTUserName和PasswordAuthenticationFilter JwtTokenVerifier 但是我想排除一些URL,比如/main/,/main/story/,等等 所以我希望/main/,/main/story/url不需要被审查 所以我添加了下面的代码 @Override public void configure(WebSecurity web) throws Exception { web .ignoring(
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/main/**");
}
但是有个问题。请求已传递给JWTUserName和PasswordAuthenticationFilter类
public class JwtUsernameAndPasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException{
log.info("JwtUsernameAndPasswordAuthenticationFilter is actived");
}
}
我不想将请求传递到JWTUserName和PasswordAuthenticationFilter
我该怎么办?更新:
_____只是为了绕过安全_____
您可以在请求任何其他请求的身份验证之前添加匹配器和许可证
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.
.
.
.antMatchers("/main/**")
.permitAll()
.anyRequest()
.authenticated()
.
.
}
此部分可能并非仅用于旁路身份验证
public void configure(WebSecurity web)
______仅将筛选器应用于匹配_______
@Bean
public FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> loggingFilter() {
FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new JwtUsernameAndPasswordAuthenticationFilter());
registrationBean.addUrlPatterns("/home**", "/test", "/sample/**");
return registrationBean;
}
@Bean
公共过滤器注册Bean loggingFilter(){
FilterRegistrationBean registrationBean=新的FilterRegistrationBean();
setFilter(新的JWTUserName和PasswordAuthenticationFilter());
addUrlPatterns(“/home**”、“/test”、“/sample/**”);
返回注册bean;
}
对不起,我刚才说的只是绕过安全功能,而不是过滤器。有一种方法,但不是通过忽略,而是仅向匹配项添加筛选器。如下:
@Bean
public FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> loggingFilter() {
FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new JwtUsernameAndPasswordAuthenticationFilter());
registrationBean.addUrlPatterns("/home**", "/test", "/sample/**");
return registrationBean;
}