问题描述
我有用于身份验证的REST服务.身份验证端点将看起来像/api/v.1/authentication
. API版本是可以更改以反映更新版本的变量.一个示例是/api/v.2/authentication
.我喜欢一个可以同时处理这两种情况的antMatcher
,因此我尝试使用**
来匹配.antMatchers(HttpMethod.POST,"**/authenticate").permitAll()
来匹配端点的任何开头,但这是行不通的.下面的完整设置.
I've got REST service that will be used for authentication. The authentication endpoint will look like /api/v.1/authentication
. The API version is a variable that can be changed to reflect updated versions. One example would be /api/v.2/authentication
. I like to have an antMatcher
that can deal with both these cases so I tried .antMatchers(HttpMethod.POST,"**/authenticate").permitAll()
using **
to match any beginning of the endpoint but this doesn't work. The full setup below.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "**/authenticate").permitAll()
.antMatchers(HttpMethod.GET, "**/get-public-key").permitAll()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated();
}
有什么建议可以解决这个问题吗?
Any suggestions how I can solve this?
推荐答案
您必须使用绝对模式,请参见 AntPathMatcher
:
You have to use absolute pattern, see AntPathMatcher
:
您修改和简化的配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/**/authenticate").permitAll()
.antMatchers(HttpMethod.GET, "/**/get-public-key").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated();
}
这篇关于antMatchers匹配路径的任何开头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!