在把以前的xml配置改到java配置,找了半天没找到…于是试出来以后才在官方文档搜索到
引用一句话:
http拥有一个匹配URL的pattern(对应.antMatcher()),未指定时表示匹配所有的请求,其下的子元素intercept-url也有一个匹配URL的pattern(对应.antMatchers()),该pattern是在http元素对应pattern基础上的,也就是说一个请求必须先满足http对应的pattern才有可能满足其下intercept-url对应的pattern
java配置
参见spring官方文档5.9 Multiple HttpSecurity,我这里大概类似于这样
-
@Configuration
-
@Order(
1)
-
public
class RestSecurityConfig extends WebSecurityConfigurerAdapter {
-
-
@Override
-
protected void configure(HttpSecurity http) throws Exception {
-
http
-
.antMatcher(
"/rest/**")
-
.addFilterAt(rsFilter(), BasicAuthenticationFilter.class)
-
.exceptionHandling()
-
.authenticationEntryPoint(digestEntryPoint())
-
.and()
-
.csrf().disable()
-
.authorizeRequests()
-
.antMatchers(
"/**")
-
.hasRole(
"RSCLIENT")
-
}
-
}
原XML配置
参见14.6 Advanced Namespace Configuration,我这里类似
-
<http pattern="/rest/**" entry-point-ref="digestEntryPoint">
-
<intercept-url pattern='/**' access="hasRole('RSCLIENT')" />
-
<custom-filter ref="digestFilter" position="BASIC_AUTH_FILTER" />
-
<csrf disable="true" />
-
</http>