configure 配置
@Override protected void configure(HttpSecurity http) throws Exception { // We don\'t need CSRF for this example http.csrf().disable() // dont authenticate this particular request .authorizeRequests().antMatchers("http://www.likecs.com/", "/*.html", "/favicon.ico", "/css/**", "/js/**", "/fonts/**", "/layui/**", "/img/**", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**", "/druid/**", "/statics/**", "/login", "/register").permitAll(). // all other requests need to be authenticated anyRequest().authenticated().and(). // make sure we use stateless session; session won\'t be used to // store user\'s state. //覆盖默认登录 exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement() // 基于token,所以不需要session .sessionCreationPolicy(SessionCreationPolicy.STATELESS); // Add a filter to validate the tokens with every request http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); }参考
Spring Security 权限认证
springSecurity 之 http Basic认证
轻松上手SpringBoot Security + JWT Hello World示例