一、背景
在我们实际的开发过程中,有些时候可能存在这么一些情况,某些api 比如: /api
@Configuration
public class AppSecurityConfig {
@Bean
@Order(1)
public SecurityFilterChain appSecurityFilterChain(HttpSecurity http) throws Exception {
// 只处理 /api 开头的请求
return http.antMatcher("/api
@Configuration
public class WebSiteSecurityFilterChainConfig {
@Bean
@Order(2)
public SecurityFilterChain webSiteSecurityFilterChain(HttpSecurity http) throws Exception {
AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
// 创建用户
authenticationManagerBuilder.inMemoryAuthentication()
.withUser("admin")
.password(new BCryptPasswordEncoder().encode("admin"))
.authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_ADMIN"))
.and()
.withUser("dev")
.password(new BCryptPasswordEncoder().encode("dev"))
.authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_DEV"))
.and()
.passwordEncoder(new BCryptPasswordEncoder());
// 只处理 所有 开头的请求
return http.antMatcher("
@Bean
public WebSecurityCustomizer webSecurityCustomizer( ){
return web -> web.ignoring()
.antMatchers("jscss
@Controller
public class ResourceController {
@GetMapping("/api/userInfo")
@ResponseBody
public Authentication showUserInfoApi() {
return SecurityContextHolder.getContext().getAuthentication();
}
@GetMapping("/index")
public String index(Model model){
model.addAttribute("username","张三");
return "index";
}
}
