问题遇到的现象和发生背景
在SpringSecurity使用jwt令牌实现认证登录时使用如下方式放行相关静态资源和接口无效,仍然进行了token认证
问题相关代码
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login","/doc.html","/swagger-resources/**",
"/v2/api-docs/**","/webjars/**","/capture","/test/**","/ws/**","/logOut",
"/admins/userFaces","/index.html","/css/**","/js/**","/fonts/**").permitAll()//放行相关请求和资源
.anyRequest().authenticated()//除了上面的其他都需要认证
.withObjectPostProcessor(getObjectPostProcessor())//动态权限配置
.and()
.addFilterBefore(getJwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class)//添加登陆过滤器
.exceptionHandling()//添加异常处理过滤器
.authenticationEntryPoint(restAuthenticationEntryPoint)//未认证异常过滤器
.accessDeniedHandler(restfulAccessDeniedHandler)//权限拒绝异常过滤器
.and()
.csrf().disable()//使用jwt,不需要使用csrf拦截器
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)//不需要使用session
.and()
.headers().cacheControl();//禁用缓存
}