带有多个路径的Spring Security http antMatcher [英] spring security http antMatcher with multiple paths

问题描述

我有以下有效的春季安全性Java配置规则(版本3.2.4):

I have the following spring security java config rule (with version 3.2.4) which works:

http.antMatcher("/lti1p/**")
    .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
    .authorizeRequests().anyRequest().hasRole("LTI")
    .and().csrf().disable();

但是，我想将此规则应用于2个路径("/lti1p/"和("/lti2p/").我不能只用antMatchers替换antMatcher(HttpSecurity对象不会(不允许)，而当我尝试类似操作时，该规则就无法正确应用.

However, I would like to apply this rule to 2 paths ("/lti1p/" and ("/lti2p/"). I can't just replace antMatcher with antMatchers (HttpSecurity object doesn't allow it) and when I try something like this it doesn't apply the rule correctly anymore.

http
    .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
    .authorizeRequests()
    .antMatchers("/lti1p/**","/lti2p/**").hasRole("LTI")
    .and().csrf().disable();

我尝试了许多这样的变体，但没有任何运气.有谁知道使用java config将此规则应用于多个路径的正确方法?

I have tried a number of variants of this without any luck. Does anyone know the correct way to apply this rule using java config to multiple paths?

推荐答案

尝试以下方法:

http 
  .requestMatchers()
       .antMatchers("/lti1p/**","/lti2p/**")
       .and()
  .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
  .authorizeRequests().anyRequest().hasRole("LTI")
  .and().csrf().disable();

这篇关于带有多个路径的Spring Security http antMatcher的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！