spring-security 忽略拦截接口源码跟踪

154 阅读1分钟

参考文档:

docs.spring.io/spring-secu…

docs.spring.io/spring-secu…

源码:

gitee.com/mayanze123/…

一、配置忽略拦截接口

package org.mayanze.dcims.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
//                .cors().and().csrf().disable()
                .authorizeRequests()
                .antMatchers("/sys/user/login","/boke/**","/sys/request-log/**","/swagger-resources/configuration/ui",
                        "/swagger-resources","/swagger-resources/configuration/security",
                        "/swagger-ui.html","/accountLogoutPromptServer").permitAll()
                .antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll()
                .anyRequest().authenticated();
    }
}

二、根据官网过滤器顺序,打断点从最后面往前跟踪,到第二个的时候

1.看这名字

image.png

2.找到了配置进去的接口

image.png