我想对此“/realtime/updates”网址进行限制,但如果我请求“/anyurl”,它会将我重定向到登录页面。我只想重定向到“/realtime/updates”的登录页面。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecConfig1 extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests().antMatchers("/realtime/updates").hasRole("USER").anyRequest().authenticated().and().formLogin();
}
@Autowired
public void ConfigGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("abc").password("123").roles("USER");
}
}
最佳答案
您需要更改 protected void configure
方法中的一个片段。
试试这个:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
.antMatchers("/**").permitAll()
.antMatchers("/realtime/updates").hasRole("USER")
.and().formLogin().permitAll();
}
关于java - Spring 启动安全,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45611648/