I am trying to whitelist the login and register endpoints using permitAll() so that they do not pass through JWTRequestFilter, but all requests still go through it.
```java
package com.ecommerce.ecommerce.security;

import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.AuthorizationFilter;

@AllArgsConstructor
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    private final JWTRequestFilter jwtRequestFilter;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf(AbstractHttpConfigurer::disable);
        httpSecurity.cors(AbstractHttpConfigurer::disable);
        httpSecurity.addFilterBefore(jwtRequestFilter, AuthorizationFilter.class);
        httpSecurity.authorizeHttpRequests((auth) -> auth
                .requestMatchers("/api/v1/auth/login", "/api/v1/auth/register")
                .permitAll().anyRequest().authenticated());
        httpSecurity.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        return httpSecurity.build();
    }
}
```
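I tried whitelisting it with the web.ignoring() method, but it still does not work, and I also learned that WebSecurityConfigurerAdapter has been deprecated and is no longer available in Spring Security 6.0, which is what some older threads suggest.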
1 Answer
Try this
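An added example, not part of the original question or answer: `permitAll()` only makes the `AuthorizationFilter` allow the request, so a filter added with `addFilterBefore` still runs for every request unless the filter itself opts out. Assuming `JWTRequestFilter` extends `OncePerRequestFilter`, overriding `shouldNotFilter` skips it for the two public endpoints. `TokenVerifier` is a hypothetical interface standing in for the application's JWT validation, and the path check assumes the DispatcherServlet is mapped to `/` (the Spring Boot default).

```java
package com.ecommerce.ecommerce.security;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical stand-in for the application's JWT validation (not from the post):
// returns the token subject, or empty if the token is invalid or expired.
interface TokenVerifier {
    Optional<String> verify(String token);
}

@Component
public class JWTRequestFilter extends OncePerRequestFilter {
    // Same paths as the permitAll() matcher in SecurityConfig.
    private static final Set<String> PUBLIC_PATHS =
            Set.of("/api/v1/auth/login", "/api/v1/auth/register");
    private final TokenVerifier verifier;

    public JWTRequestFilter(TokenVerifier verifier) {
        this.verifier = verifier;
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        // Exact match only: any other path still goes through token validation.
        return PUBLIC_PATHS.contains(request.getServletPath());
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            verifier.verify(header.substring(7)).ifPresent(subject ->
                    SecurityContextHolder.getContext().setAuthentication(
                            new UsernamePasswordAuthenticationToken(subject, null, List.of())));
        }
        // Missing or invalid token: continue unauthenticated; AuthorizationFilter
        // then rejects the request unless it matches permitAll().
        chain.doFilter(request, response);
    }
}
```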