WebSecurityConfig的重要性

本文轉載自查看原文 2020-12-09 14:45 885

當你發布的應用不能直接請求時，多數原因是因為受到WebSecurityConfig.java的攔截。

可以通過修改此文件對某些請求進行放行。

例：

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final Logger log = LoggerFactory.getLogger(WebSecurityConfig.class);

    private final WebProperties webProperties;

    public WebSecurityConfig(WebProperties webProperties) {
    	this.webProperties = webProperties;
    }

	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/video/**").antMatchers("/resources/**").antMatchers("/publics/**")
				.antMatchers("/health-check").antMatchers("/**");
		web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN").antMatchers("/user/**").hasRole("USER")
				.anyRequest().authenticated();

		//http.cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
	}
	
	@Bean
	public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
	    StrictHttpFirewall firewall = new StrictHttpFirewall();
	    firewall.setAllowUrlEncodedSlash(true);    
	    return firewall;
	}

//
//    @Bean
//    public CorsFilter corsFilter() {
//
//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//        CorsConfiguration config = webProperties.getCors();
//
//        if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
//
//        	log.debug("Registering CORS filter");
//
//            source.registerCorsConfiguration("/api/**", config);
//            source.registerCorsConfiguration("/management/**", config);
//            source.registerCorsConfiguration("/v2/api-docs", config);
//        }
//
//        return new CorsFilter(source);
//    }

}

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 索引的重要性 java的重要性主動的重要性夢想的重要性關於習慣的重要性證書的重要性員工的重要性論JS的重要性流程梳理的重要性關於原型繼承的重要性