具有多条路径的spring security http antMatcher [英] spring security http antMatcher with multiple paths
问题描述
我有以下有效的 spring 安全 java 配置规则(版本 3.2.4):
I have the following spring security java config rule (with version 3.2.4) which works:
http.antMatcher("/lti1p/**")
.addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests().anyRequest().hasRole("LTI")
.and().csrf().disable();
但是,我想将此规则应用于 2 个路径("/lti1p/" 和 ("/lti2p/").我不能只用 antMatchers 替换 antMatcher(HttpSecurity 对象不不允许),当我尝试这样的事情时,它不再正确地应用规则.
However, I would like to apply this rule to 2 paths ("/lti1p/" and ("/lti2p/"). I can't just replace antMatcher with antMatchers (HttpSecurity object doesn't allow it) and when I try something like this it doesn't apply the rule correctly anymore.
http
.addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/lti1p/**","/lti2p/**").hasRole("LTI")
.and().csrf().disable();
我已经尝试了许多变体,但没有任何运气.有谁知道使用 java config 将此规则应用于多个路径的正确方法吗?
I have tried a number of variants of this without any luck. Does anyone know the correct way to apply this rule using java config to multiple paths?
推荐答案
试试下面的方法:
http
.requestMatchers()
.antMatchers("/lti1p/**","/lti2p/**")
.and()
.addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests().anyRequest().hasRole("LTI")
.and().csrf().disable();
这篇关于具有多条路径的spring security http antMatcher的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!