antMatchers匹配路径的任何开头 [英] antMatchers that matches any beginning of path

问题描述

我有用于身份验证的REST服务.身份验证端点将看起来像/api/v.1/authentication. API版本是可以更改以反映更新版本的变量.一个示例是/api/v.2/authentication.我喜欢一个可以同时处理这两种情况的antMatcher，因此我尝试使用**来匹配.antMatchers(HttpMethod.POST,"**/authenticate").permitAll()来匹配端点的任何开头，但这是行不通的.下面的完整设置.

I've got REST service that will be used for authentication. The authentication endpoint will look like /api/v.1/authentication. The API version is a variable that can be changed to reflect updated versions. One example would be /api/v.2/authentication. I like to have an antMatcher that can deal with both these cases so I tried .antMatchers(HttpMethod.POST,"**/authenticate").permitAll() using ** to match any beginning of the endpoint but this doesn't work. The full setup below.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
             .antMatchers(HttpMethod.POST, "**/authenticate").permitAll()
             .antMatchers(HttpMethod.GET, "**/get-public-key").permitAll()
             .and()
        .authorizeRequests()
             .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
             .anyRequest().authenticated();
}

有什么建议可以解决这个问题吗?

Any suggestions how I can solve this?

推荐答案

您必须使用绝对模式，请参见

You have to use absolute pattern, see AntPathMatcher:

注意:模式和路径必须都是绝对的，或者都必须是相对的，才能使两者匹配.因此，建议此实现的用户清理模式，以便在使用模式的上下文中使用"/"作为前缀.

Note: a pattern and a path must both be absolute or must both be relative in order for the two to match. Therefore it is recommended that users of this implementation to sanitize patterns in order to prefix them with "/" as it makes sense in the context in which they're used.

您修改和简化的配置:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/**/authenticate").permitAll()
            .antMatchers(HttpMethod.GET, "/**/get-public-key").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .anyRequest().authenticated();
}

这篇关于antMatchers匹配路径的任何开头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！