security-webflux应用程序中如何将静态资源请求排除在过滤器之外

zd287kbt 于 2021-07-24 发布在 Java

关注(0)|答案(1)|浏览(430)

我了解spring security servlet应用程序的以下内容：

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().mvcMatchers(""/favicon.ico", "/doc.html", "/webjars/**", "/swagger-resources/**", "/**/v2/api-docs"");
}

以下请求将通过spring security应用程序上的筛选器：

@Bean
public SecurityWebFilterChain springSecurityFilterChain( ServerHttpSecurity http ) {

    final String[] skipSwaggerUrls = new String[] {
                    "/favicon.ico",
                    "/doc.html",
                    "/webjars/**",
                    "/swagger-resources/**",
                    "/**/v2/api-docs" };
            http.authorizeExchange()
                    .pathMatchers( skipSwaggerUrls ).permitAll()
                    .anyExchange().authenticated()
                    .and().csrf().disable()
                    .oauth2ResourceServer()
                    .bearerTokenConverter( new JwtExtractTokenAuthenticationConverter() )
                    .authenticationEntryPoint( new UserAuthenticationEntryPoint() )
                    .accessDeniedHandler( new UserAccessDeniedHandler() )
                    .jwt();

            return http.build();
    }

在springsecuritywebflux应用程序中，如何将静态资源请求排除在过滤器之外？
谢谢你的帮助

spring spring-security

来源：https://stackoverflow.com/questions/65859147/how-to-keep-static-resource-requests-out-of-the-filter-on-spring-security-webflu

1条答案

按热度按时间

zdwk9cvp1#

我现在已经解决了这个问题，如下所示

@Bean
public SecurityWebFilterChain springSecurityFilterChain( ServerHttpSecurity http ) {

    final String[] skipUrls = new String[] { "/user-account/user/login" };

    final String[] skipSwaggerUrls = new String[] {
            "/favicon.ico",
            "/doc.html",
            "/webjars/**",
            "/swagger-resources/**",
            "/**/v2/api-docs" };

    JwtAuthenticationConverter authenticationConverter = new JwtAuthenticationConverter();
    authenticationConverter.setJwtGrantedAuthoritiesConverter( new JwtTokenGrantedAuthoritiesConverter() );
    ReactiveJwtAuthenticationConverterAdapter jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
            authenticationConverter );

    // change
    ServerWebExchangeMatcher pathMatchers = ServerWebExchangeMatchers
            .pathMatchers( ArrayUtils.addAll( skipUrls, skipSwaggerUrls ) );

    http.securityMatcher( new NegatedServerWebExchangeMatcher( pathMatchers ) )
            .authorizeExchange()
            .pathMatchers( "/**" ).access( new UserAuthorityReactiveAuthorizationManager() )
            .anyExchange().authenticated()
            .and().csrf().disable()
            .addFilterAfter( new AuthWebFilter(), SecurityWebFiltersOrder.AUTHENTICATION )
            .oauth2ResourceServer()
            .bearerTokenConverter( new JwtExtractTokenAuthenticationConverter() )
            .authenticationEntryPoint( new UserAuthenticationEntryPoint() )
            .accessDeniedHandler( new UserAccessDeniedHandler() )
            .jwt()
            .jwtAuthenticationConverter( jwtAuthenticationConverter );

    return http.build();
}

这是我的问题

赞(0）回复(0）举报 2021-07-24

我来回答

security-webflux应用程序中如何将静态资源请求排除在过滤器之外

1条答案

相关问题

热门标签

最新问答