Java 在 Spring 安全中允许除一个之外的所有 URL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/36382970/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Allow all URLs but one in Spring security
提问by Sathyakumar Seshachalam
I would like to protect just a single URL, while allowing anonymous access for everything else.
我只想保护一个 URL,同时允许匿名访问其他所有内容。
The Java configuration examples i'm seeing in the internet all seem to indicate that you need to explicitly permitAlleach and every URL, and appropriate hasRolefor URLs that need to be protected. This in my case, creates a really unwieldy java code which I have modify every time I add a new URL to the application. Is there an easier java configuration that I can use.
我在互联网上看到的 Java 配置示例似乎都表明您需要明确permitAll每个 URL,并且适用hasRole于需要保护的 URL。在我的情况下,这会创建一个非常笨拙的 java 代码,每次我向应用程序添加新 URL 时都会修改它。有没有我可以使用的更简单的 java 配置。
And note also that in my case, the URL i'm protecting is a sub-resource, say employee/me, I would like employee/list, etc., to be anonymously accessible.
还要注意,在我的情况下,我保护的 URL 是一个子资源,比如employee/me,我希望employee/list,等等,可以匿名访问。
采纳答案by Ali Dehghani
If you're using Java Configuration, you can use something like following in your configuremethod:
如果您使用的是Java Configuration,则可以在configure方法中使用以下内容:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/employee/me").authenticated()
.antMatchers("/**").permitAll();
}
