springboot2.1.3 集成springSecurity设置了不需要登入的url无效,全部访问没有登入都跳转到未登入的handler里面。求助哇。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String[] AUTH_WHITELIST = {
"/api/login",
"/user/list"
};
@Autowired
private AjaxAuthenticationEntryPointHandler authenticationEntryPoint; // 未登陆时
@Autowired
private AjaxAuthenticationSuccessHandler authenticationSuccessHandler; // 登录成功
@Autowired
private AjaxAuthenticationFailureHandler authenticationFailureHandler; // 登录失败
@Autowired
private AjaxLogoutSuccessHandler logoutSuccessHandler; // 注销成功
@Autowired
private AjaxAccessDeniedHandler accessDeniedHandler; // 无权访问
@Autowired
private UserLoginService userLoginService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 加入自定义的安全认证
auth.userDetailsService(userLoginService).passwordEncoder(new BCryptPasswordEncoder() {
@Override
public String encode(CharSequence rawPassword) {
return SecurityUtils.encryptPassword((String) rawPassword);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return encodedPassword.equals(SecurityUtils.encryptPassword((String) rawPassword));
}
});
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()// 去掉 CSRF
.anonymous().disable()
.httpBasic()
.and()
//开启登录
.formLogin()
.successHandler(authenticationSuccessHandler) // 登录成功
.failureHandler(authenticationFailureHandler) // 登录失败
.permitAll()
.and()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint) //没有登入时候的回调函数
.accessDeniedHandler(accessDeniedHandler)// 无权访问 JSON 格式的数据
.and()
.logout()
.logoutSuccessHandler(logoutSuccessHandler)
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/user/list").permitAll()
.anyRequest().authenticated()
;
}
/*
@Override
public void configure(WebSecurity web) throws Exception {
//静态资源不拦截
// web.ignoring().antMatchers(AUTH_WHITELIST);
}
*/
}
