How to exclude static resource requests from the filters in a Spring Security WebFlux application

zd287kbt  posted on 2021-07-24  in Java

I know the following for Spring Security servlet applications:

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().mvcMatchers("/favicon.ico", "/doc.html", "/webjars/**", "/swagger-resources/**", "/**/v2/api-docs");
}

The following requests will pass through the filters in the Spring Security application:

@Bean
public SecurityWebFilterChain springSecurityFilterChain( ServerHttpSecurity http ) {

    final String[] skipSwaggerUrls = new String[] {
            "/favicon.ico",
            "/doc.html",
            "/webjars/**",
            "/swagger-resources/**",
            "/**/v2/api-docs" };

    http.authorizeExchange()
            .pathMatchers( skipSwaggerUrls ).permitAll()
            .anyExchange().authenticated()
            .and().csrf().disable()
            .oauth2ResourceServer()
            .bearerTokenConverter( new JwtExtractTokenAuthenticationConverter() )
            .authenticationEntryPoint( new UserAuthenticationEntryPoint() )
            .accessDeniedHandler( new UserAccessDeniedHandler() )
            .jwt();

    return http.build();
}

In a Spring Security WebFlux application, how do I exclude static resource requests from the filters?
Thanks for your help.

zdwk9cvp1#

I have now solved this problem, as follows:

@Bean
public SecurityWebFilterChain springSecurityFilterChain( ServerHttpSecurity http ) {

    final String[] skipUrls = new String[] { "/user-account/user/login" };

    final String[] skipSwaggerUrls = new String[] {
            "/favicon.ico",
            "/doc.html",
            "/webjars/**",
            "/swagger-resources/**",
            "/**/v2/api-docs" };

    JwtAuthenticationConverter authenticationConverter = new JwtAuthenticationConverter();
    authenticationConverter.setJwtGrantedAuthoritiesConverter( new JwtTokenGrantedAuthoritiesConverter() );
    ReactiveJwtAuthenticationConverterAdapter jwtAuthenticationConverter = new ReactiveJwtAuthenticationConverterAdapter(
            authenticationConverter );

    // change: apply this filter chain only to requests that do NOT match the skipped paths
    ServerWebExchangeMatcher pathMatchers = ServerWebExchangeMatchers
            .pathMatchers( ArrayUtils.addAll( skipUrls, skipSwaggerUrls ) );

    http.securityMatcher( new NegatedServerWebExchangeMatcher( pathMatchers ) )
            .authorizeExchange()
            .pathMatchers( "/**" ).access( new UserAuthorityReactiveAuthorizationManager() )
            .anyExchange().authenticated()
            .and().csrf().disable()
            .addFilterAfter( new AuthWebFilter(), SecurityWebFiltersOrder.AUTHENTICATION )
            .oauth2ResourceServer()
            .bearerTokenConverter( new JwtExtractTokenAuthenticationConverter() )
            .authenticationEntryPoint( new UserAuthenticationEntryPoint() )
            .accessDeniedHandler( new UserAccessDeniedHandler() )
            .jwt()
            .jwtAuthenticationConverter( jwtAuthenticationConverter );

    return http.build();
}

This is my question.
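
An alternative to the negated securityMatcher in the answer above, as an added example that is not part of the original post: when no SecurityWebFilterChain matches a request, Spring Security applies no filters to it at all, so the skipped paths also lose the default security response headers, whereas a dedicated permit-all chain keeps them. The class name TwoChainSecurityConfig is hypothetical, the path list is copied unchanged from the post, the post's custom converters and handlers are left out, and a ReactiveJwtDecoder bean is assumed to be configured elsewhere.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;

// Added example (hypothetical class name), not the answerer's code.
@Configuration
@EnableWebFluxSecurity
public class TwoChainSecurityConfig {

    // Public paths, copied unchanged from the post.
    private static final String[] PUBLIC_PATHS = {
            "/favicon.ico", "/doc.html", "/webjars/**",
            "/swagger-resources/**", "/**/v2/api-docs",
            "/user-account/user/login" };

    // Chain 1: claims only the public paths. No bearer-token filter is
    // installed here, so an Authorization header is never evaluated, but the
    // default security response headers are still written.
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityWebFilterChain publicChain(ServerHttpSecurity http) {
        return http
                .securityMatcher(ServerWebExchangeMatchers.pathMatchers(PUBLIC_PATHS))
                .authorizeExchange(ex -> ex.anyExchange().permitAll())
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .build();
    }

    // Chain 2: no securityMatcher, so it handles every request chain 1 did
    // not claim and fails closed for any path missing from PUBLIC_PATHS.
    @Bean
    @Order(Ordered.LOWEST_PRECEDENCE)
    public SecurityWebFilterChain apiChain(ServerHttpSecurity http) {
        return http
                .authorizeExchange(ex -> ex.anyExchange().authenticated())
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
                .build();
    }
}
```

Keep the public list as narrow as possible: every pattern added to it removes JWT validation for the matching requests.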
