java - Spring Security Apache Ant URL 对扩展名或后缀进行过滤

Question

我想要求对具有特定扩展名的 URL 进行身份验证，但无法理解 Spring Security 中的 Apache Ant 解析器的功能。它似乎只支持从左到右解析，而不是使用像正则表达式这样更常见的东西。本质上，我想要这样的东西:

<intercept-url pattern="/**.html*" access="isAuthenticated()" />

任何末尾带有“.html”的 URL 都需要身份验证。有办法实现吗？

Answer 1

您可以更改 request matcher :

• request-matcher Defines the RequestMatcher strategy used in the FilterChainProxy and the beans created by the intercept-url to match incoming requests. Options are currently ant, regex and ciRegex, for ant, regular-expression and case-insensitive regular-expression repsectively. A separate instance is created for eachintercept-url element using its pattern and method attributes. Ant paths are matched using an AntPathRequestMatcher and regular expressions are matched using a RegexRequestMatcher. See the Javadoc for these classes for more details on exactly how the matching is preformed. Ant paths are the default strategy.

但是AntPathMatcher应该这样做:

Some examples:

• com/t?st.jsp - matches com/test.jsp but also com/tast.jsp or com/txst.jsp
• com/*.jsp - matches all .jsp files in the com directory
• com/**/test.jsp - matches all test.jsp files underneath the com path
• org/springframework/**/*.jsp - matches all .jsp files underneath the org/springframework path
• org/**/servlet/bla.jsp - matches org/springframework/servlet/bla.jsp but also org/springframework/testing/servlet/bla.jsp and org/servlet/bla.jsp