如何将 Spring Security AntMatchers 模式仅应用于具有 pathVariable 的 url [英] How to apply Spring Security AntMatchers pattern only to url with pathVariable
问题描述
我使用 Spring boot 和 WebSecurityConfigurerAdapter
来配置安全性.
I am using Spring boot and WebSecurityConfigurerAdapter
to configure security.
配置忽略的安全 antMatches 的方法如下所示:
Method to configure ignored security antMatches looks like this:
@Override
public void configure(final WebSecurity web) {
web
.ignoring()
.antMatchers("/items")
.antMatchers("/items/{itemId}")
其中 {itemId}
是 UUID 格式
where {itemId}
is in UUID format
问题在于,使用此配置端点(如/items/report
、/items/images
)也已打开,但不应打开.
The issues is that with this configuration endpoints like/items/report
, /items/images
are also opened, but they should not.
有没有办法只对带有路径变量的uri应用忽略规则?
Is there a way to apply ignoring rule only to uri with path variables ?
推荐答案
根据 AntPathMarcher
,您需要按照文档使用正则表达式指定路径变量:
According to the documentation for AntPathMarcher
, you need to specify the path variable with the regex as per doc:
{spring:[a-z]+} 匹配正则表达式 [a-z]+ 作为名为spring"的路径变量.
{spring:[a-z]+} matches the regexp [a-z]+ as a path variable named "spring".
就您而言,它将是:
@Override
public void configure(final WebSecurity web) {
web
.ignoring()
.antMatchers("/items/{itemId:[\\d+]}")
这篇关于如何将 Spring Security AntMatchers 模式仅应用于具有 pathVariable 的 url的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!