我确定在Spring Security XML中可以做到这一点,但是由于我使用的是Java Config,因此这是我的解决方案。
@Configuration @EnableWebSecurity public class SecurityConfig { @Configuration @Order(1) public static class SoapApiConfigurationAdapter extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/soap/**") .csrf().disable() .httpBasic(); } } @Configuration public static class WebApiConfigurationAdapter extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .formLogin() .loginProcessingUrl("/authentication") .usernameParameter("j_username") .passwordParameter("j_password").permitAll() .and() .csrf().disable() } }}
