使用 HttpSecurity.requestMatchers 在 class ResourceServerConfiguration.configure 在 spring oauth2
using HttpSecurity.requestMatchers in class ResourceServerConfiguration.configure in spring oauth2
我一直在努力理解如何以及何时使用 HttpSecurity.requestMatchers。虽然我使用 HttpSecurity.requestMatchers 但我调用了 authorizeRequests 和 antMatchers 来指定安全规则。
我什么时候应该使用
http.requestMatchers()
.antMatchers("/secure/**","/patients/**","/patient/**", "/hello/**")
.and()
.authorizeRequests().antMatchers("/secure/**","/books/**","/book/**", "/hello/**")
.hasAnyRole("ADMIN","USER");
超过
http
.authorizeRequests().antMatchers("/secure/**","/books/**","/hello/**", "/hello/**")
.hasAnyRole("ADMIN","USER");
一个场景可以帮助我理解 HttpSecurity.requestMatchers
的用例
我确实调查了 requestMatchers,但我还是不清楚
如果您需要在您的应用程序中配置多个 HttpSecurity,那么您通常会使用 HttpSecurity.requestMatchers() 或替代(但相似)配置选项之一:
HttpSecurity.requestMatcher(RequestMatcher)HttpSecurity.antMatcher(String)HttpSecurity.mvcMatcher(String)HttpSecurity.regexMatcher(String)
中的参考
例如,如果您的应用程序有一组 API 以基本路径 /api 为根,并且应用程序的管理部分的另一类端点以基本路径 /admin,你可能会为你的应用程序定义 2x WebSecurityConfigurerAdapter:
@EnableWebSecurity
public class SecurityConfig {
@Configuration
@Order(1)
public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/api/**")
.and()
.authorizeRequests()
.antMatchers("/api/endpoint1")
.hasRole("USER1");
}
}
@Configuration
public static class AdminWebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/admin/**")
.and()
.authorizeRequests()
.antMatchers("/admin/endpoint1")
.hasRole("ADMIN1");
}
}
}
但是,如果您只提供 1x WebSecurityConfigurerAdapter,则无需配置 HttpSecurity.requestMatchers()(或任何替代项),因为它会自动默认为 HttpSecurity.requestMatcher(AnyRequestMatcher.INSTANCE)。所以对于这些配置情况,这就足够了:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(...
}
}
希望这是有道理的?
我一直在努力理解如何以及何时使用 HttpSecurity.requestMatchers。虽然我使用 HttpSecurity.requestMatchers 但我调用了 authorizeRequests 和 antMatchers 来指定安全规则。
我什么时候应该使用
http.requestMatchers()
.antMatchers("/secure/**","/patients/**","/patient/**", "/hello/**")
.and()
.authorizeRequests().antMatchers("/secure/**","/books/**","/book/**", "/hello/**")
.hasAnyRole("ADMIN","USER");
超过
http
.authorizeRequests().antMatchers("/secure/**","/books/**","/hello/**", "/hello/**")
.hasAnyRole("ADMIN","USER");
一个场景可以帮助我理解 HttpSecurity.requestMatchers
我确实调查了 requestMatchers,但我还是不清楚
如果您需要在您的应用程序中配置多个 HttpSecurity,那么您通常会使用 HttpSecurity.requestMatchers() 或替代(但相似)配置选项之一:
HttpSecurity.requestMatcher(RequestMatcher)HttpSecurity.antMatcher(String)HttpSecurity.mvcMatcher(String)HttpSecurity.regexMatcher(String)
例如,如果您的应用程序有一组 API 以基本路径 /api 为根,并且应用程序的管理部分的另一类端点以基本路径 /admin,你可能会为你的应用程序定义 2x WebSecurityConfigurerAdapter:
@EnableWebSecurity
public class SecurityConfig {
@Configuration
@Order(1)
public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/api/**")
.and()
.authorizeRequests()
.antMatchers("/api/endpoint1")
.hasRole("USER1");
}
}
@Configuration
public static class AdminWebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/admin/**")
.and()
.authorizeRequests()
.antMatchers("/admin/endpoint1")
.hasRole("ADMIN1");
}
}
}
但是,如果您只提供 1x WebSecurityConfigurerAdapter,则无需配置 HttpSecurity.requestMatchers()(或任何替代项),因为它会自动默认为 HttpSecurity.requestMatcher(AnyRequestMatcher.INSTANCE)。所以对于这些配置情况,这就足够了:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(...
}
}
希望这是有道理的?