Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/wordpress/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring-安全性-请求链故障_Spring_Spring Security - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring-安全性-请求链故障

Spring-安全性-请求链故障

spring spring-security

Spring-安全性-请求链故障,spring,spring-security,Spring,Spring Security,我不明白,怎样才能正确地做链条的链条 如果我写 http .addFilterBefore(characterEncodingFilter(), CsrfFilter.class) .addFilterAfter(cacheControllerFilter(), CsrfFilter.class) .authorizeRequests() .antMatchers("

我不明白,怎样才能正确地做链条的链条

如果我写

 http
                .addFilterBefore(characterEncodingFilter(), CsrfFilter.class)
                .addFilterAfter(cacheControllerFilter(), CsrfFilter.class)
                .authorizeRequests()
                .antMatchers("/**").permitAll()
                .and()
                .authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/admin/login.html")
                .defaultSuccessUrl("/admin/")
                .permitAll()
                .and()
                .logout()
                .permitAll();
在本例中,所有都是允许的,包括/admin/**

如果我有

http
                .addFilterBefore(characterEncodingFilter(), CsrfFilter.class)
                .addFilterAfter(cacheControllerFilter(), CsrfFilter.class)
                .authorizeRequests()
                .antMatchers("/**").permitAll()
                .and()
                .authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/admin/login.html")
                .defaultSuccessUrl("/admin/")
                .permitAll()
                .and()
                .logout()
                .permitAll();
在这种情况下,包括/admin/**在内的所有内容都需要用户身份验证。

找到了解决方案

在我的情况下,解决方案是

http
                .addFilterBefore(characterEncodingFilter(), CsrfFilter.class)
                .addFilterAfter(cacheControllerFilter(), CsrfFilter.class)
                .authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().permitAll()
                .and()
                .formLogin()
                .loginPage("/admin/login.html")
                .defaultSuccessUrl("/admin/")
                .permitAll()
                .and()
                .logout()
                .permitAll();