问题描述

我有用于身份验证的REST服务.身份验证端点将看起来像/api/v.1/authentication. API版本是可以更改以反映更新版本的变量.一个示例是/api/v.2/authentication.我喜欢一个可以同时处理这两种情况的antMatcher，因此我尝试使用**来匹配.antMatchers(HttpMethod.POST,"**/authenticate").permitAll()来匹配端点的任何开头，但这是行不通的.下面的完整设置.

I've got REST service that will be used for authentication. The authentication endpoint will look like /api/v.1/authentication. The API version is a variable that can be changed to reflect updated versions. One example would be /api/v.2/authentication. I like to have an antMatcher that can deal with both these cases so I tried .antMatchers(HttpMethod.POST,"**/authenticate").permitAll() using ** to match any beginning of the endpoint but this doesn't work. The full setup below.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
             .antMatchers(HttpMethod.POST, "**/authenticate").permitAll()
             .antMatchers(HttpMethod.GET, "**/get-public-key").permitAll()
             .and()
        .authorizeRequests()
             .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
             .anyRequest().authenticated();
}

有什么建议可以解决这个问题吗?

Any suggestions how I can solve this?

推荐答案

您必须使用绝对模式，请参见 AntPathMatcher :

You have to use absolute pattern, see AntPathMatcher:

您修改和简化的配置:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/**/authenticate").permitAll()
            .antMatchers(HttpMethod.GET, "/**/get-public-key").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .anyRequest().authenticated();
}

这篇关于antMatchers匹配路径的任何开头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！