如何在JavaConfig中定义http"security ='none"? [英] How do I define http "security = 'none' in JavaConfig?

问题描述

我想使用Java Config在Spring Boot中定义类似于此XML的内容.

I want to define something similar to this XML in Spring Boot using Java Config.

<http pattern="/webservices/**" security="none"/>

我需要一种不同的方法来保护它们，并且不能进行表单登录.确保它们安全将在以后出现.现在，我想停止使用http.formLogin()保护它们.

I need a different way of securing them and cannot do form-logins. Securing them will come later. For now, I want to stop securing them with http.formLogin().

我已经这样重写了WebSecurityConfigurerAdapter.configure().我找不到这样说的API:

I have overridden WebSecurityConfigurerAdapter.configure() as such. I cannot find an API to say, like this:

http.securityNone().antMatchers("/webservices")

现在是我的configure()方法:

Here is my configure() method now:

@Override
protected void configure(HttpSecurity http) throws Exception
    http.csrf().disable(); 
    http.headers().frameOptions().disable();

    http.authorizeRequests()
          .antMatchers("/resources/**", 
//"/services/**",  THIS LOGS IN AUTOMATICALLY AS 'ANONYMOUS'.  NO GOOD!
//"/remoting/**",  THIS LOGS IN AUTOMATICALLY AS 'ANONYMOUS'.  NO GOOD!
                      "/pages/login",
                      "/pages/loginFailed").permitAll()

    // Only authenticated can access these URLs and HTTP METHODs
    .antMatchers("/secured/**").authenticated()
    .antMatchers(HttpMethod.HEAD,"/**").authenticated()
    .antMatchers(HttpMethod.GET,"/**").authenticated()
    .antMatchers(HttpMethod.POST,"/**").authenticated()
    .antMatchers(HttpMethod.PUT,"/**").authenticated()
    .antMatchers(HttpMethod.DELETE,"/**").authenticated();

    // Accept FORM-based authentication
    http.formLogin()
        .failureUrl("/pages/loginFailed")
        .defaultSuccessUrl("/")
        .loginPage("/pages/login")
        .permitAll()
        .and()
        .logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/pages/logout"))
        .logoutSuccessUrl("/pages/login")
        .permitAll();

    http.formLogin().successHandler(new AppLoginSuccessHandler());

}

推荐答案

根据WebSecurityConfigurerAdapter JavaDocs:

According to the WebSecurityConfigurerAdapter JavaDocs:

/**
 * Override this method to configure {@link WebSecurity}. For
 * example, if you wish to ignore certain requests.
 */
public void configure(WebSecurity web) throws Exception {
}

您可以这样做:

@Override
public void configure(WebSecurity web) throws Exception {
     web.ignoring()
        .antMatchers("/webservices/**");
}

这篇关于如何在JavaConfig中定义http"security ='none"?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！