protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
http.authorizeRequests()
.antMatchers("/auth/login").permitAll()
.antMatchers("/auth/test").hasRole("ADMIN") // 这里的配置不起作用,其他角色一样可以访问
.anyRequest().authenticated()
.and().exceptionHandling()
.accessDeniedHandler((req, resp, e)-> resultUtil.write(resp, ResultCode.UNAUTHORIZED, null))
.authenticationEntryPoint((req, resp, e) -> resultUtil.write(resp, ResultCode.NO_LOGIN, null))
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.cors();
}
其他的hasAnyRole, hasAuthority, hasAnyAuthority同样也不起作用。
springboot 版本 2.3.7.RELEASE