Spring-安全性-请求链故障
我不明白,怎样才能正确地做链条的链条 如果我写Spring-安全性-请求链故障,spring,spring-security,Spring,Spring Security,我不明白,怎样才能正确地做链条的链条 如果我写 http .addFilterBefore(characterEncodingFilter(), CsrfFilter.class) .addFilterAfter(cacheControllerFilter(), CsrfFilter.class) .authorizeRequests() .antMatchers("
http
.addFilterBefore(characterEncodingFilter(), CsrfFilter.class)
.addFilterAfter(cacheControllerFilter(), CsrfFilter.class)
.authorizeRequests()
.antMatchers("/**").permitAll()
.and()
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/admin/login.html")
.defaultSuccessUrl("/admin/")
.permitAll()
.and()
.logout()
.permitAll();
在本例中,所有都是允许的,包括/admin/**
如果我有
http
.addFilterBefore(characterEncodingFilter(), CsrfFilter.class)
.addFilterAfter(cacheControllerFilter(), CsrfFilter.class)
.authorizeRequests()
.antMatchers("/**").permitAll()
.and()
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/admin/login.html")
.defaultSuccessUrl("/admin/")
.permitAll()
.and()
.logout()
.permitAll();
在这种情况下,包括/admin/**在内的所有内容都需要用户身份验证。找到了解决方案
在我的情况下,解决方案是
http
.addFilterBefore(characterEncodingFilter(), CsrfFilter.class)
.addFilterAfter(cacheControllerFilter(), CsrfFilter.class)
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/admin/login.html")
.defaultSuccessUrl("/admin/")
.permitAll()
.and()
.logout()
.permitAll();