Spring Security 多过滤链的使用详解

2024-04-02 19:55

短信预约 -IT技能 免费直播动态提醒

一、背景

在我们实际的开发过程中，有些时候可能存在这么一些情况，某些api 比如： /api @Configuration public class AppSecurityConfig { @Bean @Order(1) public SecurityFilterChain appSecurityFilterChain(HttpSecurity http) throws Exception { // 只处理 /api 开头的请求 return http.antMatcher("/api @Configuration public class WebSiteSecurityFilterChainConfig { @Bean @Order(2) public SecurityFilterChain webSiteSecurityFilterChain(HttpSecurity http) throws Exception { AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class); // 创建用户 authenticationManagerBuilder.inMemoryAuthentication() .withUser("admin") .password(new BCryptPasswordEncoder().encode("admin")) .authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_ADMIN")) .and() .withUser("dev") .password(new BCryptPasswordEncoder().encode("dev")) .authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_DEV")) .and() .passwordEncoder(new BCryptPasswordEncoder()); // 只处理所有开头的请求 return http.antMatcher(" @Bean public WebSecurityCustomizer webSecurityCustomizer( ){ return web -> web.ignoring() .antMatchers("jscss @Controller public class ResourceController { @GetMapping("/api/userInfo") @ResponseBody public Authentication showUserInfoApi() { return SecurityContextHolder.getContext().getAuthentication(); } @GetMapping("/index") public String index(Model model){ model.addAttribute("username","张三"); return "index"; } }

4、引入jar包


<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>