/**
 * Configures the HTTP security rules: CORS on, CSRF off, no server-side session,
 * {@code /home/**} open to everyone and every other request authenticated.
 *
 * <p>{@code permitAll()} only affects the authorization decision. The
 * {@code JwtAuthenticationFilter} registered below is still part of the chain for
 * every request, {@code /home/**} included.
 * NOTE(review): if that filter rejects requests that carry no (or an invalid) token
 * instead of passing them on, permitted paths will still be blocked. The filter
 * source is not shown here, so confirm.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception if any of the builder calls fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors();
    // NOTE(review): disabling CSRF is only reasonable when the token is sent in a
    // request header rather than a cookie; verify how clients transmit it.
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Specific path rule first, catch-all rule last.
    http.authorizeRequests().antMatchers("/home/**").permitAll();
    http.authorizeRequests().anyRequest().authenticated();

    // The JWT filter is placed before RequestCacheAwareFilter; the exception-handling
    // filter is placed in front of the JWT filter.
    JwtAuthenticationFilter jwtFilter =
            new JwtAuthenticationFilter(this.jwtProperties, authenticationManagerBean(), jwtTokenUtil);
    http.addFilterBefore(jwtFilter, RequestCacheAwareFilter.class);
    http.addFilterBefore(new ExceptionHandlerFilter(), JwtAuthenticationFilter.class);

    http.authenticationProvider(jwtAuthenticationProvider());
    http.authenticationProvider(loginAuthenticationProvider());
}
使用了 permitAll 允许路径,但是/home/test请求仍然被拦截了
这个代码是按照顺序执行的,你换成这样看看呢
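/**
 * Configures the HTTP security rules: CORS on, CSRF off, no server-side session,
 * {@code /home/**} open to everyone and every other request authenticated.
 *
 * <p>The {@code /home/**} rule is declared before {@code anyRequest()}. Authorization
 * rules are matched in declaration order and the first match wins, so a catch-all
 * placed first would shadow every later rule. Newer Spring Security versions also
 * refuse at startup to register a matcher after {@code anyRequest()}.
 *
 * <p>{@code permitAll()} only affects the authorization decision; the custom filters
 * added below still run for {@code /home/**}.
 * NOTE(review): if {@code JwtAuthenticationFilter} rejects requests without a token
 * instead of passing them on, permitted paths stay blocked whatever the rule order.
 * The filter source is not shown here, so confirm.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception if any of the builder calls fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .cors().and()
        // NOTE(review): disabling CSRF is only reasonable when the token is sent in a
        // request header rather than a cookie; verify how clients transmit it.
        .csrf().disable()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
            // Most specific rule first ...
            .antMatchers("/home/**").permitAll()
            // ... catch-all strictly last.
            .anyRequest().authenticated()
            .and()
        .addFilterBefore(
            new JwtAuthenticationFilter(this.jwtProperties, authenticationManagerBean(), jwtTokenUtil),
            RequestCacheAwareFilter.class)
        .addFilterBefore(new ExceptionHandlerFilter(), JwtAuthenticationFilter.class)
        .authenticationProvider(jwtAuthenticationProvider())
        .authenticationProvider(loginAuthenticationProvider());
}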
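将anyRequest【任何请求】authenticated【通过身份验证】放在前面,将匹配home/**放在后面。(注意:Spring Security 的授权规则按声明顺序逐条匹配,先匹配到的规则生效;较新的版本在 anyRequest() 之后再配置匹配器时还会在启动时直接报错。因此通常应把 /home/** 这类具体路径写在 anyRequest() 之前。)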
你单独写 /home/test 看会不会被拦截;如果这样也被拦截,就重写 public void configure(WebSecurity web):
// Excludes /home/** from the Spring Security filter chain altogether.
// NOTE(review): ignored paths get none of the chain's protections (no security
// headers, no security context, no custom filters). Prefer permitAll() unless the
// path serves only static, non-sensitive content.
web.ignoring().mvcMatchers("/home/**");
感觉你没有很强的代码规范意识,你可以借鉴一下我写的SecurityConfig.java
/**
 * Spring Security configuration: form login with custom success/failure handlers,
 * a JWT authentication filter, a captcha filter and no server-side session.
 */
@Configuration
@EnableWebSecurity // load the web security policy
@EnableGlobalMethodSecurity(prePostEnabled = true) // enable the pre/post method-security annotations
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Paths that are reachable without authentication. */
    private static final String[] URL_WHITELIST = {
        "/login",
        "/logout",
        "/captcha",
        "/favicon.ico"
    };

    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Autowired
    private LoginFailureHandler loginFailureHandler;

    @Autowired
    private CaptchaFilter captchaFilter;

    @Autowired
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

    @Autowired
    private JwtAccessDeniedHandler jwtAccessDeniedHandler;

    @Autowired
    private JwtLogoutSuccessHandler jwtLogoutSuccessHandler;

    // @Autowired
    // private DataSource dataSource;

    @Autowired
    private UserDetailServiceImpl userDetailService;

    /**
     * Exposes the JWT filter, built on this configuration's authentication manager.
     *
     * <p>NOTE(review): under Spring Boot a Filter exposed as a bean is, by default,
     * also registered with the servlet container. Confirm it does not run a second
     * time outside the security chain.
     *
     * @return a new filter instance
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
        return new JwtAuthenticationFilter(authenticationManager());
    }

    /**
     * Exposes the BCrypt password encoder as a bean.
     *
     * @return a new encoder with default settings
     */
    @Bean
    BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // @Bean
    // public PersistentTokenRepository persistentTokenRepository(){
    // JdbcTokenRepositoryImpl jdbcTokenRepository=new JdbcTokenRepositoryImpl();
    //
    // // set the data source
    // jdbcTokenRepository.setDataSource(dataSource);
    //
    // // create the table automatically on the first start; comment out afterwards
    // // so the table is not created again
    //// jdbcTokenRepository.setCreateTableOnStartup(true);
    //
    // return jdbcTokenRepository;
    // }

    /**
     * Builds the HTTP security rules.
     *
     * @param http the security builder handed in by the framework
     * @throws Exception if any of the builder calls fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Enable CORS, disable CSRF protection.
        // NOTE(review): disabling CSRF is only reasonable when the token is sent in a
        // request header rather than a cookie; verify how clients transmit it.
        http.cors();
        http.csrf().disable();

        // Login
        http.formLogin()
            .successHandler(loginSuccessHandler)
            .failureHandler(loginFailureHandler);

        // Logout
        http.logout().logoutSuccessHandler(jwtLogoutSuccessHandler);

        // No HTTP session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Access rules: whitelist first, catch-all last
        http.authorizeRequests()
            .antMatchers(URL_WHITELIST).permitAll()
            .anyRequest().authenticated();

        // Handlers for unauthenticated and access-denied responses
        http.exceptionHandling()
            .authenticationEntryPoint(jwtAuthenticationEntryPoint)
            .accessDeniedHandler(jwtAccessDeniedHandler);

        // Custom filters; the captcha filter is placed before the username/password filter
        http.addFilter(jwtAuthenticationFilter());
        http.addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Registers the user-details service used to look up accounts.
     *
     * <p>NOTE(review): no password encoder is set explicitly here; presumably the
     * BCryptPasswordEncoder bean of this class is picked up by the framework. Confirm.
     *
     * @param auth the authentication manager builder handed in by the framework
     * @throws Exception if the builder call fails
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailService);
    }
}