Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/spring-boot/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring boot Spring安全排除url_Spring Boot_Spring Security - Fatal编程技术网
Fatal编程技术网

Spring boot Spring安全排除url

spring-boot spring-security

Spring boot Spring安全排除url,spring-boot,spring-security,Spring Boot,Spring Security,我添加了两个过滤器,如下所示 JWTUserName和PasswordAuthenticationFilter JwtTokenVerifier 但是我想排除一些URL,比如/main/,/main/story/,等等 所以我希望/main/,/main/story/url不需要被审查 所以我添加了下面的代码 @Override public void configure(WebSecurity web) throws Exception { web .ignoring(

我添加了两个过滤器,如下所示

  • JWTUserName和PasswordAuthenticationFilter
  • JwtTokenVerifier
    • 但是我想排除一些URL,比如/main/,/main/story/,等等

    所以我希望/main/,/main/story/url不需要被审查

    所以我添加了下面的代码

    @Override
public void configure(WebSecurity web) throws Exception {
    web
        .ignoring()
        .antMatchers("/main/**");  
        
}
    但是有个问题。请求已传递给JWTUserName和PasswordAuthenticationFilter类

    public class JwtUsernameAndPasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
   
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException{
            log.info("JwtUsernameAndPasswordAuthenticationFilter is actived");
    }
}
    我不想将请求传递到JWTUserName和PasswordAuthenticationFilter

    我该怎么办?

    更新:

    _____只是为了绕过安全_____

    您可以在请求任何其他请求的身份验证之前添加匹配器和许可证

    @EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    protected void configure(HttpSecurity http) throws Exception
    { 
        http
         .
         .
         .
        .antMatchers("/main/**")
        .permitAll()
        .anyRequest()
        .authenticated()
         .
         .
}
    此部分可能并非仅用于旁路身份验证

    public void configure(WebSecurity web)
    ______仅将筛选器应用于匹配_______

        @Bean
    public FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> loggingFilter() {
        FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();

        registrationBean.setFilter(new JwtUsernameAndPasswordAuthenticationFilter());
        registrationBean.addUrlPatterns("/home**", "/test", "/sample/**");

        return registrationBean;
    }

    @Bean
公共过滤器注册Bean loggingFilter(){
FilterRegistrationBean registrationBean=新的FilterRegistrationBean();
setFilter(新的JWTUserName和PasswordAuthenticationFilter());
addUrlPatterns(“/home**”、“/test”、“/sample/**”);
返回注册bean;
}
    对不起,我刚才说的只是绕过安全功能,而不是过滤器。有一种方法,但不是通过忽略,而是仅向匹配项添加筛选器。如下: 
        @Bean
    public FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> loggingFilter() {
        FilterRegistrationBean<JwtUsernameAndPasswordAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();

        registrationBean.setFilter(new JwtUsernameAndPasswordAuthenticationFilter());
        registrationBean.addUrlPatterns("/home**", "/test", "/sample/**");

        return registrationBean;
    }