spring 具有多条路径的spring security http antMatcher
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25234164/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
spring security http antMatcher with multiple paths
提问by Aaron Zeckoski
I have the following spring security java config rule (with version 3.2.4) which works:
我有以下有效的 spring 安全 java 配置规则(版本 3.2.4):
http.antMatcher("/lti1p/**")
.addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests().anyRequest().hasRole("LTI")
.and().csrf().disable();
However, I would like to apply this rule to 2 paths ("/lti1p/" and ("/lti2p/"). I can't just replace antMatcher with antMatchers (HttpSecurity object doesn't allow it) and when I try something like this it doesn't apply the rule correctly anymore.
但是,我想将此规则应用于 2 个路径(“/lti1p/ ”和(“/lti2p/”)。我不能只用 antMatchers 替换 antMatcher(HttpSecurity 对象不允许),并且当我尝试某些操作时像这样它不再正确地应用规则。
http
.addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/lti1p/**","/lti2p/**").hasRole("LTI")
.and().csrf().disable();
I have tried a number of variants of this without any luck. Does anyone know the correct way to apply this rule using java config to multiple paths?
我已经尝试了许多变体,但没有任何运气。有谁知道使用 java config 将此规则应用于多个路径的正确方法吗?
回答by Andrei Stefan
Try the following approach:
尝试以下方法:
http
.requestMatchers()
.antMatchers("/lti1p/**","/lti2p/**")
.and()
.addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests().anyRequest().hasRole("LTI")
.and().csrf().disable();
回答by gerrytan
Try:
尝试:
.antMatchers("/lti1p/**").hasRole("LTI")
.antMatchers("/lti2p/**").hasRole("LTI")
