Spring Boot,filter并不局限于特定的url
Spring Boot,filter并不局限于特定的url
提问于 2015-12-02 18:43:23
在spring引导应用程序中,我创建了几个API调用。我只想为几个urls添加一个过滤器。安全配置如下:
@Configuration
@EnableWebMvc
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.addFilterBefore(authenticationFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().anyRequest().denyAll();
http.authorizeRequests().antMatchers("/api/user").permitAll();
}
AuthenticationFilter authenticationFilter() throws Exception
{
AuthenticationFilter filter = new AuthenticationFilter();
return filter;
}
}我不想为除/api/user之外的任何api调用应用过滤器,所以我拒绝所有urls,并允许使用/api/user。
AuthorizationFilter类如下:
public class AuthenticationFilter extends OncePerRequestFilter
{
public AuthenticationFilter()
{
super();
}
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
{
Enumeration<String> headerNames = request.getHeaderNames();
while(headerNames.hasMoreElements()){
String headerName = headerNames.nextElement();
System.out.println("headerName " + headerName);
System.out.println("headerVal " + request.getHeader(headerName));
}
chain.doFilter(request,response);
}
}这只会打印所有的头信息。目前,它正在打印所有api调用的头信息,但我希望只在/api/user情况下打印,而不是在任何其他api调用上打印。请建议我做些什么改变?
回答 1
Stack Overflow用户
回答已采纳
发布于 2015-12-20 20:50:41
找到一个可行的解决方案
@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**");
// add security constraints for /api/... here
}
/* rest of config */
}How to ignore Spring Security config for every thing except a pattern
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/34050545
复制相关文章
相似问题
腾讯云开发者
