SpringBoot 集成 SpringSecurity 排除所
2019-08-12 本文已影响0人
古刹飞鹰
package com.v246.common.config.spring.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
/**
* @author 艾纯禹 v246@qq.com
* @createDate 2019/08/12
* */
@Configuration
public class OauthSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin().and()
.csrf().disable()
.headers().cacheControl().disable().and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
//只排除指定扩展名的
// .authorizeRequests().regexMatchers("/[\\S]*\\.(html|js|css|jpg|jpeg|gif|png|bmp|pdf|txt|ppt|pptx|xls|xlsx|doc|docx|zip|rar|7z)").permitAll()
//带扩展名的都排除,这个配置最简单、粗暴,因为springBoot项目的后端资源uri一般都是不带扩展名的,作者:艾纯禹 email:v246@qq.com
.authorizeRequests().regexMatchers("/[\\S]*\\.[\\d\\w]{1,8}").permitAll()
.anyRequest().authenticated();
}
}
