本文介绍了antMatchers 匹配路径的任何开头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有将用于身份验证的 REST 服务.身份验证端点将类似于 /api/v.1/authentication.API 版本是一个可以更改以反映更新版本的变量.一个例子是 /api/v.2/authentication.我喜欢有一个 antMatcher 可以处理这两种情况,所以我尝试了 .antMatchers(HttpMethod.POST,"**/authenticate").permitAll() 使用 ** 匹配端点的任何开头,但这不起作用.完整设置如下.

I've got REST service that will be used for authentication. The authentication endpoint will look like /api/v.1/authentication. The API version is a variable that can be changed to reflect updated versions. One example would be /api/v.2/authentication. I like to have an antMatcher that can deal with both these cases so I tried .antMatchers(HttpMethod.POST,"**/authenticate").permitAll() using ** to match any beginning of the endpoint but this doesn't work. The full setup below.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
             .antMatchers(HttpMethod.POST, "**/authenticate").permitAll()
             .antMatchers(HttpMethod.GET, "**/get-public-key").permitAll()
             .and()
        .authorizeRequests()
             .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
             .anyRequest().authenticated();
}

有什么建议可以解决这个问题吗?

Any suggestions how I can solve this?

推荐答案

必须使用绝对模式,参见 AntPathMatcher:

You have to use absolute pattern, see AntPathMatcher:

注意:一个模式和一个路径必须都是绝对的或者都必须是相对的,这样两者才能匹配.因此,建议此实现的用户清理模式,以便在它们前面加上/"作为前缀,因为这在使用它们的上下文中是有意义的.

您修改和简化的配置:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable()
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/**/authenticate").permitAll()
            .antMatchers(HttpMethod.GET, "/**/get-public-key").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .anyRequest().authenticated();
}

这篇关于antMatchers 匹配路径的任何开头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-13 07:26