Spring security DefaultSecurityFilterChain跳过指定的AntMatcher
在服务器端配置Spring security DefaultSecurityFilterChain跳过指定的AntMatcher,spring-security,Spring Security,在服务器端配置Httpsecurity时,我有4个端点,并根据角色配置它们。 但不知何故,过滤器中只注册了一些AntMatcher,而跳过了少数AntMatcher : @覆盖 受保护的无效配置(HttpSecurity http)引发异常{ http.authorizeRequests() .antMatchers(“/”).permitAll() .antMatchers(“/user/getOperatorList”).hasAuthority(“角色操作员”) .antMatchers(
Httpsecurity
时,我有4个端点,并根据角色配置它们。
但不知何故,过滤器中只注册了一些AntMatcher,而跳过了少数AntMatcher
:
@覆盖
受保护的无效配置(HttpSecurity http)引发异常{
http.authorizeRequests()
.antMatchers(“/”).permitAll()
.antMatchers(“/user/getOperatorList”).hasAuthority(“角色操作员”)
.antMatchers(“/operator/getOperator”).hasAuthority(“角色操作员”)
.antMatchers(“/user/getEmployeesList”).hasAuthority(“角色\管理”)
.antMatchers(“/admin/getEmployeesList”).hasAuthority(“角色\管理”)
.anyRequest().authenticated()
.and().formLogin()
.permitAll()和().logout().permitAll();
http.csrf().disable();
}
修复了此问题。
我需要为上述resourceserverconfiguration中提供的路径添加AntMatcher。
这解决了我的问题
@EnableResourceServer
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
.antMatchers("/admin/getEmployeesList")
.and()
.authorizeRequests()
.antMatchers(“/admin/getEmployeesList”).access(“hasRole('admin')。和()
.requestMatchers()
.antMatchers(“/user/getOperatorList”、“/user/coach”、“/user/players”、“/user/schools”)
.及()
.authorizeRequests()”
应用程序是否按预期工作?这一行
创建筛选器链:任何请求都是您的配置。
@EnableResourceServer
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
.antMatchers("/admin/getEmployeesList")
.and()
.authorizeRequests()
.antMatchers("/user/getOperatorList").access("hasRole('OPERATOR')")
.antMatchers("/user/coaches").access("hasRole('COACH')")
.antMatchers("/user/players").access("hasRole('PLAYER')")
.antMatchers("/user/schools").access("hasRole('SCHOOL')")
.and()
.authorizeRequests()
.anyRequest()
.access("#oauth2.hasScope('read')");
}