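Contents: Environment, Project structure, Allowing anonymous access to certain resources, Testing

Environment

Operating system:
Windows 10 x64
Integrated development environment:
Spring Tool Suite 4 Version: 4.12.1.RELEASE Build Id: 202110260750
Browser (client):
Google Chrome version 99.0.4844.51 (Official Build) (64-bit)

Project structure

See: Spring Security - 10 Using the built-in internationalization configuration

Allowing anonymous access to certain resources

Modify the HelloController controller class, adding two resources (lines 23 to 35 and 37 to 47):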

package com.mk.controller;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.CurrentSecurityContext;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class HelloController {

    // Everything else stays unchanged...

    // The SecurityContext is injected directly, so an anonymous request
    // sees the AnonymousAuthenticationToken stored in it.
    @GetMapping(path = "anonymous/1")
    @ResponseBody
    public Map<String, Object> anonymous1(@CurrentSecurityContext SecurityContext context,
            HttpServletRequest request) {
        Map<String, Object> map = new HashMap<>();
        Authentication authentication = context.getAuthentication();
        map.put("URL", request.getRequestURL().toString());
        // getSession() creates a session if the anonymous client has none yet.
        map.put("sessionId", request.getSession().getId());
        map.put("authentication", authentication);
        return map;
    }

    // Spring MVC resolves an Authentication parameter from
    // HttpServletRequest#getUserPrincipal(), which is null for anonymous requests.
    @GetMapping(path = "anonymous/2")
    @ResponseBody
    public Map<String, Object> anonymous2(Authentication authentication, HttpServletRequest request) {
        Map<String, Object> map = new HashMap<>();
        map.put("URL", request.getRequestURL().toString());
        map.put("sessionId", request.getSession().getId());
        map.put("authentication", authentication);
        return map;
    }
}

Modify the WebSecurityConfigurer configuration class, adding the paths of the resources that allow anonymous access (lines 30 to 33):

package com.mk.security.config.annotation.web.configuration;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.User.UserBuilder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;

//@Configuration
@EnableWebSecurity
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    // Everything else stays unchanged...

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin(); // Default form login configuration
        http.authorizeRequests(customizer -> {
            String[] anonymous = { "/anonymous/1", "/anonymous/2" };
            // String[] anonymous = { "/anonymous/**" };
            // Specify that these URLs are allowed by anyone.
            // Matchers are evaluated in declaration order, so this rule
            // must come before anyRequest().
            customizer.antMatchers(anonymous).permitAll();
            // Any other request is allowed only for an authenticated user.
            customizer.anyRequest().authenticated();
        });
    }
}

Testing

Start the application, open the browser, and, without logging in (anonymous), visit http://localhost:8080/anonymous/1 and http://localhost:8080/anonymous/2 in turn to see the result:
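
The same check can be kept as a regression test, so that a later change to the permit list or to the matcher order is caught automatically. This is an added example, not code from the original post. It assumes a Spring Boot application whose main class sits in or above the package com.mk, spring-boot-starter-test with JUnit 5 on the test classpath, the default anonymous principal name, and a hypothetical path /protected-example standing in for any resource that is not on the permit list.

```java
package com.mk; // assumption: the Spring Boot application class is in this package or above

import static org.hamcrest.Matchers.nullValue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc // MockMvc requests pass through the Spring Security filter chain
class AnonymousAccessTests {

    @Autowired
    private MockMvc mockMvc;

    // No user is attached to the request, so it is handled as anonymous.
    @Test
    void anonymous1SeesTheAnonymousToken() throws Exception {
        mockMvc.perform(get("/anonymous/1"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.authentication.principal").value("anonymousUser"))
                .andExpect(jsonPath("$.authentication.authorities[0].authority").value("ROLE_ANONYMOUS"));
    }

    // The Authentication method parameter comes from getUserPrincipal(),
    // which is null for an anonymous request, so the map holds a null value.
    @Test
    void anonymous2GetsNoAuthentication() throws Exception {
        mockMvc.perform(get("/anonymous/2"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.authentication").value(nullValue()));
    }

    // Hypothetical path: anything not on the permit list falls under
    // anyRequest().authenticated() and is redirected to the form login page.
    @Test
    void otherPathsStillRequireLogin() throws Exception {
        mockMvc.perform(get("/protected-example"))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrlPattern("**/login"));
    }
}
```

The third test is the one that guards against an over-broad pattern: if the permit list is widened by mistake, the protected path stops redirecting to the login page and the test fails.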



