仅对一页应用弹簧安全性 [英] Apply spring security only to one page

问题描述

我有一个典型的安全配置:

I have a typical security configuration:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/", "/index").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
            .logout()
            .permitAll();
    //http.authorizeRequests().antMatchers("/resources/**").permitAll().anyRequest().permitAll();
}

现在 spring 要求登录除登录页面之外的所有内容......但是我怎么能以另一种方式登录，所以它只要求视图/索引的登录页面?仅适用于一组端点?谢谢！

Now spring is asking for a login for everything except of the login page... But how could I make it the other way, so it asks for login page ONLY for the view /index? Od only for a group of endpoints? Thanks!

推荐答案

试试这个:

       http
        .authorizeRequests()
        .antMatchers("/", "/index").authenticated()//Makes / and /index to be authenthicated
        .anyRequest().permitAll()//Makes any other allow without authentication. Or if you want a group use antMatchers here too.
        .and()
        .formLogin()
        .loginPage("/login")
        .permitAll()
        .and()
        .logout()
        .permitAll();

这篇关于仅对一页应用弹簧安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！