antMatchers 匹配路径的任何开头 [英] antMatchers that matches any beginning of path

问题描述

我有将用于身份验证的 REST 服务.身份验证端点将类似于 /api/v.1/authentication.API 版本是一个可以更改以反映更新版本的变量.一个例子是 /api/v.2/authentication.我喜欢有一个 antMatcher 可以处理这两种情况，所以我尝试了 .antMatchers(HttpMethod.POST,"**/authenticate").permitAll() 使用 ** 匹配端点的任何开头，但这不起作用.完整设置如下.

I've got REST service that will be used for authentication. The authentication endpoint will look like /api/v.1/authentication. The API version is a variable that can be changed to reflect updated versions. One example would be /api/v.2/authentication. I like to have an antMatcher that can deal with both these cases so I tried .antMatchers(HttpMethod.POST,"**/authenticate").permitAll() using ** to match any beginning of the endpoint but this doesn't work. The full setup below.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
             .antMatchers(HttpMethod.POST, "**/authenticate").permitAll()
             .antMatchers(HttpMethod.GET, "**/get-public-key").permitAll()
             .and()
        .authorizeRequests()
             .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
             .anyRequest().authenticated();
}

有什么建议可以解决这个问题吗?

Any suggestions how I can solve this?

推荐答案

必须使用绝对模式，参见 AntPathMatcher:

You have to use absolute pattern, see AntPathMatcher:

注意:一个模式和一个路径必须都是绝对的或者都必须是相对的，这样两者才能匹配.因此，建议此实现的用户清理模式，以便在它们前面加上/"作为前缀，因为这在使用它们的上下文中是有意义的.

Note: a pattern and a path must both be absolute or must both be relative in order for the two to match. Therefore it is recommended that users of this implementation to sanitize patterns in order to prefix them with "/" as it makes sense in the context in which they're used.

您修改和简化的配置:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/**/authenticate").permitAll()
            .antMatchers(HttpMethod.GET, "/**/get-public-key").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .anyRequest().authenticated();
}

这篇关于antMatchers 匹配路径的任何开头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！