gpt4 book ai didi

java - 在anyRequest之后无法配置antMatchers(多个antMatcher)

转载 作者:行者123 更新时间:2023-12-01 13:02:08 24 4
gpt4 key购买 nike

我正在尝试配置Spring Security并出现以下错误:

Caused by: java.lang.IllegalStateException: Can't configure antMatchers after anyRequest



这是我的 SecurityConfig类:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

@Autowired
private UserDetailsService userDetailsService;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {

auth.userDetailsService(userDetailsService).passwordEncoder(encodePWD());
}

@Override
protected void configure(HttpSecurity http) throws Exception{

http
.csrf().disable();
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/rest/**").permitAll()
.anyRequest().authenticated()
.and()
.authorizeRequests()
.antMatchers("/secure/**").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll();

http
.authorizeRequests()
.antMatchers("/login").permitAll();
}

@Bean
public BCryptPasswordEncoder encodePWD(){
return new BCryptPasswordEncoder();
}
}

我已经尝试过像 here那样调用 httpSecurityauthorizeRequests().anyRequest().authenticated()
还是没用
...任何建议都会有所帮助。

最佳答案

修改规则如下。 .anyRequest().authenticated()只能使用一次。

    http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/rest/**").permitAll()
.and()
.authorizeRequests()
.antMatchers("/secure/**").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll();

关于java - 在anyRequest之后无法配置antMatchers(多个antMatcher),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60123616/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com