Spring security 春天:HttpSecurity。如何仅允许未经身份验证的访问某些端点?
我希望经过身份验证的用户在尝试访问/登录或/注册URL时自动重定向到主页,以便只有未经身份验证的用户才能访问这些URL。如何配置我的httpSecurity 我的发言如下:Spring security 春天:HttpSecurity。如何仅允许未经身份验证的访问某些端点?,spring-security,Spring Security,我希望经过身份验证的用户在尝试访问/登录或/注册URL时自动重定向到主页,以便只有未经身份验证的用户才能访问这些URL。如何配置我的httpSecurity 我的发言如下: protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .authorizeRequests()
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/driver/**").hasRole("DRIVER")
.antMatchers("/employee/**").hasRole("EMPLOYEE")
.antMatchers("/login*", "/register*", "/forgotPassword*", "/", "/welcome").permitAll()
.and().authorizeRequests()
.antMatchers("/profile*").hasAnyRole("ADMIN", "DRIVER", "EMPLOYEE")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
// .loginProcessingUrl("/performLogin")
.defaultSuccessUrl("/homePage/", true)
.failureUrl("/login?error=true")
.failureHandler(authenticationFailureHandler())
.and()
.logout()
.logoutUrl("/performLogOut")
.logoutSuccessUrl("/")
.deleteCookies("JSESSIONID")
.logoutSuccessHandler(logoutSuccessHandler())
.and().exceptionHandling().accessDeniedHandler(accessDeniedHandler());
// http.httpBasic().disable();
}
这可能就是您要寻找的: