SpringBoot 集成 SpringSecurity 排除所

作者: 古刹飞鹰 | 来源:发表于2019-08-12 20:55 被阅读0次

SpringBoot 集成 SpringSecurity 排除所
iOS Developer的全栈之路 - Keycloak(3)
springboot整合springsecurity从Hello
springboot整合springsecurity从Hello
springboot整合springsecurity从Hello
springboot整合springsecurity从Hello
SpringBoot集成SpringSecurity - 入门（
SpringBoot集成SpringSecurity+CAS
SpringBoot集成SpringSecurity - 表单登
SpringBoot集成SpringSecurity - 异常处

package com.v246.common.config.spring.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
/**
 * @author 艾纯禹 v246@qq.com
 * @createDate 2019/08/12
 * */
@Configuration
public class OauthSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .formLogin().and()
                .csrf().disable()
                .headers().cacheControl().disable().and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                //只排除指定扩展名的
//                .authorizeRequests().regexMatchers("/[\\S]*\\.(html|js|css|jpg|jpeg|gif|png|bmp|pdf|txt|ppt|pptx|xls|xlsx|doc|docx|zip|rar|7z)").permitAll()
                //带扩展名的都排除，这个配置最简单、粗暴，因为springBoot项目的后端资源uri一般都是不带扩展名的，作者：艾纯禹 email:v246@qq.com
                .authorizeRequests().regexMatchers("/[\\S]*\\.[\\d\\w]{1,8}").permitAll()
                .anyRequest().authenticated();
    }
}