经过6小时的搜索,以下是解决方案:https :
//docs.spring.io/spring-
security/site/docs/current/reference/htmlsingle/#multiple-
httpsecurity
编辑:这是我的方法:
@EnableWebSecuritypublic class MultiHttpSecurityConfig { @Autowired private UserDetailsService userDetailsService; @Bean public PasswordEnprer passwordEnprer() { return new BCryptPasswordEnprer(12); } @Configuration @Order(1) public class ApiSecurityAdapter extends WebSecurityConfigurerAdapter { private TokenProvider tokenProvider; public ApiSecurityAdapter(TokenProvider tokenProvider) { this.tokenProvider = tokenProvider; } @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/api/**") //<= Security only available for /api/** .authorizeRequests() .antMatchers("/api/register").permitAll() .antMatchers("/api/login").permitAll() .antMatchers("/api/public").permitAll() .antMatchers("/api/lost").permitAll() .anyRequest().authenticated() .and() .apply(new JWTConfigurer(this.tokenProvider)) .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); } } @Configuration public class WebSecurityAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http // <= Security available for others (not /api/) .authorizeRequests() .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')") .antMatchers("/").permitAll() .antMatchers("/login").permitAll() .antMatchers("/resources/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .usernameParameter("email") .passwordParameter("password") .defaultSuccessUrl("/central", false) .failureForwardUrl("/login/fail") .and() .logout() .invalidateHttpSession(true) .logoutUrl("/logout") .logoutSuccessUrl("/") .and() .csrf(); } }}希望这会有所帮助!
