当您应该忽略选项请求时,Spring Security会忽略所有请求
在GET/POST请求之前,客户端会发出一个选项请求,所以我会忽略这个调用。但当我进行此配置时,另一个请求(GET/POST)也被忽略(但不应忽略) 当我添加这一行时:当您应该忽略选项请求时,Spring Security会忽略所有请求,spring,spring-security,Spring,Spring Security,在GET/POST请求之前,客户端会发出一个选项请求,所以我会忽略这个调用。但当我进行此配置时,另一个请求(GET/POST)也被忽略(但不应忽略) 当我添加这一行时: .antMatchers(HttpMethod.OPTIONS); 忽略所有请求,但不应忽略GET/POST 以下是配置方法: @Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antM
.antMatchers(HttpMethod.OPTIONS);
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(HttpMethod.POST, "/login")
.antMatchers(HttpMethod.OPTIONS);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.anyRequest().authenticated()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers(HttpMethod.GET, "/login/authenticate").authenticated()
.antMatchers(HttpMethod.GET, "/credenciadas**").hasRole(PermissaoEnum.CONSULTAR_CREDENCIADA.getNomeInterno())
.antMatchers(HttpMethod.POST, "/credenciadas/validar").hasRole(PermissaoEnum.CONSULTAR_CREDENCIADA.getNomeInterno())
.antMatchers(HttpMethod.POST, "/credenciadas").hasRole(PermissaoEnum.INCLUIR_CREDENCIADA.getNomeInterno())
.antMatchers(HttpMethod.POST, "/credenciadas/alterar").hasRole(PermissaoEnum.ALTERAR_CREDENCIADA.getNomeInterno())
.antMatchers(HttpMethod.DELETE, "/credenciadas/").hasRole(PermissaoEnum.EXCLUIR_CREDENCIADA.getNomeInterno())
.and()
.addFilterBefore(authenticationByTokenFilter(), UsernamePasswordAuthenticationFilter.class)
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
.and()
.csrf().disable();
}
能否验证是否将角色名称处的前缀字符串设置为:“role_u3;”?角色名称可能错误