
Exclude requests to URL from being run through Spring Security filters

I have a Spring Boot application and a custom authentication filter. The application has a URL "/" where I'd like to avoid having any Spring Security filters being run (both authentication and authorization), including my custom filter.

I do not want to configure WebSecurity to ignore this URL, as there are some other Spring Security features that I would like to apply, and my understanding is that using:

webSecurityBuilder.ignoring().antMatchers("/");

would keep all Spring Security features from running on this URL.

Is there a way to use HttpSecurity for this?

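import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationFilter customAuthFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // antMatcher("/") limits this HttpSecurity, and every filter added to it, to requests for "/".
        http.antMatcher("/")
                .anonymous().and().authorizeRequests()
                .antMatchers("/", "/index.html").permitAll()
                .anyRequest().authenticated();

        // The custom filter is added to that same chain.
        http.addFilterBefore(customAuthFilter, UsernamePasswordAuthenticationFilter.class);
    }
}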

This is what I have so far, but for some reason when I navigate to "/" I still hit my custom filter.

Below is the solution. In summary, you should define two WebSecurityConfigurerAdapter classes with different orders. Please give it a try. solution

The code below is copied from there.

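import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Consulted first (lower @Order value): applies only to the special endpoints.
@Configuration
@Order(1)
public class OnlyHeadersConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher("/special/endpoints/**")
                .authorizeRequests((authz) -> authz.anyRequest().permitAll())
                .anonymous();
    }
}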

// Consulted second: handles every request the first configuration did not match.
@Configuration
@Order(2)
public class MainSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authz -> authz.anyRequest().authenticated())
            .addFilterAt(new MyCustomFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}
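
The same two-chain split written with SecurityFilterChain beans, as an added example that is not part of the original answer. It assumes Spring Boot with Spring Security 5.8 or later (WebSecurityConfigurerAdapter was deprecated in 5.7 and removed in 6.0) and that CustomAuthenticationFilter is the asker's filter, registered as a Spring bean; the class name TwoChainSecurityConfig and the bean method names are made up for illustration.

```java
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Assumption: CustomAuthenticationFilter is the question's filter class and is a Spring bean.
@Configuration
@EnableWebSecurity
public class TwoChainSecurityConfig {

    // Chain 1, consulted first: only "/" and "/index.html" enter it. They keep the
    // default Spring Security filters (headers, CSRF) but the custom filter is absent.
    @Bean
    @Order(1)
    SecurityFilterChain publicChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/", "/index.html")
            .authorizeHttpRequests(authz -> authz.anyRequest().permitAll());
        return http.build();
    }

    // Chain 2: every other request. The first chain whose matcher accepts a request
    // handles it, so nothing routed to chain 1 reaches the custom filter here.
    @Bean
    @Order(2)
    SecurityFilterChain mainChain(HttpSecurity http, CustomAuthenticationFilter customAuthFilter)
            throws Exception {
        http
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
            .addFilterBefore(customAuthFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    // Spring Boot registers every Filter bean with the servlet container for all URLs.
    // Disabling that registration leaves the filter active only inside chain 2.
    @Bean
    FilterRegistrationBean<CustomAuthenticationFilter> customAuthFilterRegistration(
            CustomAuthenticationFilter customAuthFilter) {
        FilterRegistrationBean<CustomAuthenticationFilter> registration =
                new FilterRegistrationBean<>(customAuthFilter);
        registration.setEnabled(false);
        return registration;
    }
}
```

Keep the first chain's matcher as narrow as possible, since every path it accepts is served without authentication.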
