我正在尝试从 Springboot 2.7 迁移到 Springboot 3.1.2 。我正在尝试配置我的安全配置类。这是我的课
@Bean
public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
http
.csrf(AbstractHttpConfigurer :: disable)
.authorizeHttpRequests(request -> request.requestMatchers(mvc.pattern("/api/dummy/***"))
.permitAll()
.anyRequest().authenticated())
.sessionManagement(manager ->manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(new AuthTokenFilter(serviceA, serviceB),AuthenticationFilter.class);
return http.build();
}
我希望
/api/dummy/**addFilterBefore任何人都可以帮我解决这个问题,以便提到的 API 不会通过 authTokenFilter 而其余的 API 都会通过。
我已经尝试以互联网上找到的所有可能的方式进行配置,但仍然不起作用。任何帮助将不胜感激。
您必须设置两个
SecurityFilterChain@Bean
@Order(10)
public SecurityFilterChain dummyFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
http
.securityMatchers(matchers -> matchers
.requestMatchers(mvc.pattern("/api/dummy/**")))
.authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll())
.csrf(AbstractHttpConfigurer :: disable)
.sessionManagement(manager ->manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
return http.build();
}
@Bean
@Order(20)
public SecurityFilterChain mainFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
http
.authorizeHttpRequests(request -> request.anyRequest().authenticated())
.csrf(AbstractHttpConfigurer :: disable)
.sessionManagement(manager ->manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(new AuthTokenFilter(serviceA, serviceB),AuthenticationFilter.class);
return http.build();
}