什么时候使用antMatcher()和antMatchers()?
例如:
http
.antMatcher("/high_level_url_A/**")
.authorizeRequests()
.antMatchers("/high_level_url_A/sub_level_1").hasRole('USER')
.antMatchers("/high_level_url_A/sub_level_2").hasRole('USER2')
.somethingElse()
.anyRequest().authenticated()
.and()
.antMatcher("/high_level_url_B/**")
.authorizeRequests()
.antMatchers("/high_level_url_B/sub_level_1").permitAll()
.antMatchers("/high_level_url_B/sub_level_2").hasRole('USER3')
.somethingElse()
.anyRequest().authenticated()
.and()
...
我期望的是
/high_level_url_A/**匹配的请求都应通过身份验证+ /high_level_url_A/sub_level_1仅针对USER,而/high_level_url_A/sub_level_2仅针对USER2 /high_level_url_B/**匹配的请求都应经过身份验证+ /high_level_url_B/sub_level_1才能进行公共(public)访问,而/high_level_url_A/sub_level_2只能用于USER3。 我最近看到了最近的示例,其中不包括
antMatcher()。这是为什么?不再需要antMatcher()吗? 最佳答案
您需要 antMatcher 来获取多个 HttpSecurity ,请参阅Spring Security Reference:
在您的情况下,您不需要 antMatcher ,因为您只有一种配置。您修改的代码:
http
.authorizeRequests()
.antMatchers("/high_level_url_A/sub_level_1").hasRole('USER')
.antMatchers("/high_level_url_A/sub_level_2").hasRole('USER2')
.somethingElse() // for /high_level_url_A/**
.antMatchers("/high_level_url_A/**").authenticated()
.antMatchers("/high_level_url_B/sub_level_1").permitAll()
.antMatchers("/high_level_url_B/sub_level_2").hasRole('USER3')
.somethingElse() // for /high_level_url_B/**
.antMatchers("/high_level_url_B/**").authenticated()
.anyRequest().permitAll()