我有一个基本的SpringBoot 2.0.5.RELEASE应用程序。使用Spring Initializer,JPA,嵌入式Tomcat,Thymeleaf模板引擎并将其打包为可执行JAR文件。
我创建了一个基于自定义JWT的安全过滤器JwtFilter:
@Provider public class JwtAuthorizationTokenFilter extends OncePerRequestFilter { ... }
但我想绕过这个过滤器仅1个特定请求/法: "/api/v1/menus"当是POST
"/api/v1/menus"
POST
但我不知道是否有可能WebSecurityConfigurerAdapter:
WebSecurityConfigurerAdapter
JwtAuthorizationTokenFilter authenticationTokenFilter = new JwtAuthorizationTokenFilter(userDetailsService(), jwtTokenUtil, tokenHeader); httpSecurity .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) .antMatcher("/api/v1/menus")
您可以shouldNotFilter从OncePerRequestFilter 重写该方法,如下所示:
shouldNotFilter
@Provider public class JwtAuthorizationTokenFilter extends OncePerRequestFilter { @Override protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException { return new AntPathMatcher().match("/api/v1/menus", request.getServletPath()); } }
