问题描述
我有将用于身份验证的 REST 服务.身份验证端点将类似于 /api/v.1/authentication
.API 版本是一个可以更改以反映更新版本的变量.一个例子是 /api/v.2/authentication
.我喜欢有一个 antMatcher
可以处理这两种情况,所以我尝试了 .antMatchers(HttpMethod.POST,"**/authenticate").permitAll()
使用 **
匹配端点的任何开头,但这不起作用.完整设置如下.
I've got REST service that will be used for authentication. The authentication endpoint will look like /api/v.1/authentication
. The API version is a variable that can be changed to reflect updated versions. One example would be /api/v.2/authentication
. I like to have an antMatcher
that can deal with both these cases so I tried .antMatchers(HttpMethod.POST,"**/authenticate").permitAll()
using **
to match any beginning of the endpoint but this doesn't work. The full setup below.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "**/authenticate").permitAll()
.antMatchers(HttpMethod.GET, "**/get-public-key").permitAll()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated();
}
有什么建议可以解决这个问题吗?
Any suggestions how I can solve this?
推荐答案
必须使用绝对模式,参见 AntPathMatcher
:
You have to use absolute pattern, see AntPathMatcher
:
注意:一个模式和一个路径必须都是绝对的或者都必须是相对的,这样两者才能匹配.因此,建议此实现的用户清理模式,以便在它们前面加上/"作为前缀,因为这在使用它们的上下文中是有意义的.
您修改和简化的配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/**/authenticate").permitAll()
.antMatchers(HttpMethod.GET, "/**/get-public-key").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated();
}
这篇关于antMatchers 匹配路径的任何开头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!