您将覆盖以前的匹配器,请参阅HttpSecurity.html#antMatcher:
调用
antMatcher(String)将覆盖以前调用mvcMatcher(String)},requestMatchers(),antMatcher(String),regexMatcher(String),和requestMatcher(RequestMatcher)。
和HttpSecurity.html#regexMatcher:
调用
regexMatcher(String)将覆盖以前调用mvcMatcher(String)},requestMatchers(),antMatcher(String),regexMatcher(String),和requestMatcher(RequestMatcher)。
如果您需要多个配置
HttpSecurity,请参阅Spring
Security Reference:
我们可以配置多个HttpSecurity实例,就像我们可以具有多个
<http>块一样。关键是要扩展WebSecurityConfigurationAdapter多次。例如,以下是对以开头的URL具有不同配置的示例/api/。
> @EnableWebSecurity> public class MultiHttpSecurityConfig {> @Autowired> public void configureGlobal(AuthenticationManagerBuilder auth) { 1>auth> .inMemoryAuthentication()> .withUser("user").password("password").roles("USER").and()> .withUser("admin").password("password").roles("USER",> "ADMIN");> }> > @Configuration> @Order(1) 2> public static class ApiWebSecurityConfigurationAdapter extends> WebSecurityConfigurerAdapter {>protected void configure(HttpSecurity http) throws Exception {> http> .antMatcher("/api/**") 3> .authorizeRequests()> .anyRequest().hasRole("ADMIN")> .and()> .httpBasic();>}> }> > @Configuration 4> public static class FormLoginWebSecurityConfigurerAdapter extends> WebSecurityConfigurerAdapter {> >@Override>protected void configure(HttpSecurity http) throws Exception {> http> .authorizeRequests()> .anyRequest().authenticated()> .and()> .formLogin();>}> }> }
