如何将 Spring Security AntMatchers 模式仅应用于具有 pathVariable 的 url [英] How to apply Spring Security AntMatchers pattern only to url with pathVariable

问题描述

我使用 Spring boot 和 WebSecurityConfigurerAdapter 来配置安全性.

I am using Spring boot and WebSecurityConfigurerAdapter to configure security.

配置忽略的安全 antMatches 的方法如下所示:

Method to configure ignored security antMatches looks like this:

    @Override
    public void configure(final WebSecurity web) {
        web
           .ignoring()
           .antMatchers("/items")
           .antMatchers("/items/{itemId}")

其中 {itemId} 是 UUID 格式

where {itemId} is in UUID format

问题在于，使用此配置端点(如/items/report、/items/images)也已打开，但不应打开.

The issues is that with this configuration endpoints like/items/report, /items/images are also opened, but they should not.

有没有办法只对带有路径变量的uri应用忽略规则?

Is there a way to apply ignoring rule only to uri with path variables ?

推荐答案

根据 AntPathMarcher，您需要按照文档使用正则表达式指定路径变量:

According to the documentation for AntPathMarcher, you need to specify the path variable with the regex as per doc:

{spring:[a-z]+} 匹配正则表达式 [a-z]+ 作为名为spring"的路径变量.

{spring:[a-z]+} matches the regexp [a-z]+ as a path variable named "spring".

就您而言，它将是:

@Override
    public void configure(final WebSecurity web) {
        web
           .ignoring()
           .antMatchers("/items/{itemId:[\\d+]}")

这篇关于如何将 Spring Security AntMatchers 模式仅应用于具有 pathVariable 的 url的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！