- 在SecurityFilterChain中设置免登录接口地址。如果定义了多个SecurityFilterChain,并且前面的SecurityFilterChain里使用了anyRequest().authenticated(),后面的免登录可能会失效。
java
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/api1/**", "/api2/**").permitAll()
.anyRequest().authenticated()
);
return http.build();
}
}
- 使用WebSecurityCustomizer设置免登录接口地址。这里设置的免登录接口地址是优先于SecurityFilterChain进行判定的。
java
@Configuration
public class SecurityConfiguration {
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/ignore1/**", "/ignore2/**");
}
}