我试着去做 Java 基于注解的Spring security 配置。我是在遵循了一个教程之后做的,并且有了提供的代码,
@Configuration
@EnableWebSecurity
// need to change this to the security directory
@ComponentScan("")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication()
.withUser("temporary").password("temporary").roles("ADMIN")
.and()
.withUser("user").password("userPass").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/api/foos").authenticated()
.and()
.formLogin()
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.logout();
}
@Bean
public MySavedRequestAwareAuthenticationSuccessHandler mySuccessHandler() {
return new MySavedRequestAwareAuthenticationSuccessHandler();
}
@Bean
public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
return new SimpleUrlAuthenticationFailureHandler();
}
}这个 API 我工作的项目的基地,
public static final String API_BASE = "/*";例如,我做 cURL 像这样的请求,
curl -X GET http://localhost:8080/rest/wallet/wallets | json我不太清楚 .antMatchers("/api/foos").authenticated() 代码中的行。例如,从哪里 foos 就要来了,我需要把它改成这样吗 .antMatchers("/foos").authenticated() ?
1条答案
按热度按时间knpiaxh11#
如果你是编程新手,这是一个有效的问题。但要习惯。所有的例子通常都有'foo'和'bar'作为样本变量、方法名等。
不管怎样
.antMatchers("/api/foos").authenticated()指定需要对与/api/foo匹配的模式url进行身份验证,然后应使用以下处理程序。把图案改成相配的-
.antMatchers("/rest/wallet/**")测试你的代码。有关更多参考资料,请阅读以下文章:何时使用spring security的antmatcher()?