我正在尝试从 Springboot 2.7 迁移到 Springboot 3.1.2 。我正在尝试配置我的安全配置类。这是我的课
@Bean
public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
http
.csrf(AbstractHttpConfigurer :: disable)
.authorizeHttpRequests(request -> request.requestMatchers(mvc.pattern("/api/dummy/***"))
.permitAll()
.anyRequest().authenticated())
.sessionManagement(manager ->manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(new AuthTokenFilter(serviceA, serviceB),AuthenticationFilter.class);
return http.build();
}
我希望
/api/dummy/**
api 在没有任何过滤器的情况下通过,并希望将过滤器应用于所有其他请求。但目前,我的所有 api,无论任何请求匹配如何,都会通过 addFilterBefore
方法并进入 AuthTokenFilter 类。
任何人都可以帮我解决这个问题,以便提到的 API 不会通过 authTokenFilter 而其余的 API 都会通过。
我已经尝试以互联网上找到的所有可能的方式进行配置,但仍然不起作用。任何帮助将不胜感激。
您必须设置两个
SecurityFilterChain
:
@Bean
@Order(10)
public SecurityFilterChain dummyFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
http
.securityMatchers(matchers -> matchers
.requestMatchers(mvc.pattern("/api/dummy/**")))
.authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll())
.csrf(AbstractHttpConfigurer :: disable)
.sessionManagement(manager ->manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
return http.build();
}
@Bean
@Order(20)
public SecurityFilterChain mainFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
http
.authorizeHttpRequests(request -> request.anyRequest().authenticated())
.csrf(AbstractHttpConfigurer :: disable)
.sessionManagement(manager ->manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(new AuthTokenFilter(serviceA, serviceB),AuthenticationFilter.class);
return http.build();
}