我有一个典型的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/index").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
//http.authorizeRequests().antMatchers("/resources/**").permitAll().anyRequest().permitAll();
}
现在spring要求除了登录页面之外的所有内容都进行登录。。。但是我怎么能换一种方式呢,所以它只要求查看/索引的登录页面?Od仅用于一组端点?谢谢
试试这个:
http
.authorizeRequests()
.antMatchers("/", "/index").authenticated()//Makes / and /index to be authenthicated
.anyRequest().permitAll()//Makes any other allow without authentication. Or if you want a group use antMatchers here too.
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();