轻松上手SpringBoot+SpringSecurity+JWT实RESTfulAPI权限控制实战 (5)

configure 配置

@Override protected void configure(HttpSecurity http) throws Exception { // We don\'t need CSRF for this example http.csrf().disable() // dont authenticate this particular request .authorizeRequests().antMatchers("http://www.likecs.com/", "/*.html", "/favicon.ico", "/css/**", "/js/**", "/fonts/**", "/layui/**", "/img/**", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**", "/druid/**", "/statics/**", "/login", "/register").permitAll(). // all other requests need to be authenticated anyRequest().authenticated().and(). // make sure we use stateless session; session won\'t be used to // store user\'s state. //覆盖默认登录 exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement() // 基于token,所以不需要session .sessionCreationPolicy(SessionCreationPolicy.STATELESS); // Add a filter to validate the tokens with every request http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); }

轻松上手SpringBoot+SpringSecurity+JWT实RESTfulAPI权限控制实战

轻松上手SpringBoot+SpringSecurity+JWT实RESTfulAPI权限控制实战

轻松上手SpringBoot+SpringSecurity+JWT实RESTfulAPI权限控制实战

参考

Spring Security 权限认证

springSecurity 之 http Basic认证

轻松上手SpringBoot Security + JWT Hello World示例

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/zypwzj.html