如何在JavaConfig中定义http"security ='none"? [英] How do I define http "security = 'none' in JavaConfig?
问题描述
我想使用Java Config在Spring Boot中定义类似于此XML的内容.
I want to define something similar to this XML in Spring Boot using Java Config.
<http pattern="/webservices/**" security="none"/>
我需要一种不同的方法来保护它们,并且不能进行表单登录.确保它们安全将在以后出现.现在,我想停止使用http.formLogin()保护它们.
I need a different way of securing them and cannot do form-logins. Securing them will come later. For now, I want to stop securing them with http.formLogin().
我已经这样重写了WebSecurityConfigurerAdapter.configure().我找不到这样说的API:
I have overridden WebSecurityConfigurerAdapter.configure() as such. I cannot find an API to say, like this:
http.securityNone().antMatchers("/webservices")
现在是我的configure()方法:
Here is my configure() method now:
@Override
protected void configure(HttpSecurity http) throws Exception
http.csrf().disable();
http.headers().frameOptions().disable();
http.authorizeRequests()
.antMatchers("/resources/**",
//"/services/**", THIS LOGS IN AUTOMATICALLY AS 'ANONYMOUS'. NO GOOD!
//"/remoting/**", THIS LOGS IN AUTOMATICALLY AS 'ANONYMOUS'. NO GOOD!
"/pages/login",
"/pages/loginFailed").permitAll()
// Only authenticated can access these URLs and HTTP METHODs
.antMatchers("/secured/**").authenticated()
.antMatchers(HttpMethod.HEAD,"/**").authenticated()
.antMatchers(HttpMethod.GET,"/**").authenticated()
.antMatchers(HttpMethod.POST,"/**").authenticated()
.antMatchers(HttpMethod.PUT,"/**").authenticated()
.antMatchers(HttpMethod.DELETE,"/**").authenticated();
// Accept FORM-based authentication
http.formLogin()
.failureUrl("/pages/loginFailed")
.defaultSuccessUrl("/")
.loginPage("/pages/login")
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/pages/logout"))
.logoutSuccessUrl("/pages/login")
.permitAll();
http.formLogin().successHandler(new AppLoginSuccessHandler());
}
推荐答案
根据WebSecurityConfigurerAdapter
JavaDocs:
According to the WebSecurityConfigurerAdapter
JavaDocs:
/**
* Override this method to configure {@link WebSecurity}. For
* example, if you wish to ignore certain requests.
*/
public void configure(WebSecurity web) throws Exception {
}
您可以这样做:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/webservices/**");
}
这篇关于如何在JavaConfig中定义http"security ='none"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!