忽略某些URL路径，Spring Security

Question

我想禁用Spring（或我）为“ / login” URL提供的所有过滤器。 我已经编写了这段代码，但是Spring似乎忽略了这些代码行。 我究竟做错了什么？

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .cors()
            .and().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
        .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and().authorizeRequests()
            .antMatchers(HttpMethod.GET, AUTH_WHITELIST).permitAll()
            .antMatchers("/admin").hasAuthority("ADMIN")
            .anyRequest().authenticated()
            .and().requestCache().disable()
            .logout().and().rememberMe().disable()
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/login");
}

Answer 1

您需要在httpSecurity中指定登录表单在哪里，请尝试类似这样的操作

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
                  .antMatchers(HttpMethod.GET, AUTH_WHITELIST).permitAll()
                  .antMatchers("/admin").hasAuthority("ADMIN")
                  .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}