如何在基于 Spring 的反应式应用程序中从身份验证中排除路径?
在非响应式 spring 应用程序中,我通常会创建一个配置类,扩展 WebSecurityConfigurerAdapter 并像这样配置 WebSecurity:
In a non reactive spring application I would usually create a configuration class, extend WebSecurityConfigurerAdapter and configure the WebSecurity like such:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/pathToIgnore");
}
如何在响应式应用程序中执行等效操作?
How can I do the equivalent in a reactive application?
在你用 @EnableWebFluxSecurity 和 @EnableReactiveMethodSecurity 注释的安全配置类中,注册一个 bean如下:
In your security config class which you have annotated with @EnableWebFluxSecurity and @EnableReactiveMethodSecurity, register a bean as follows:
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange()
.pathMatchers("/pathToIgnore")
.permitAll()
.anyExchange()
.authenticated()
.and()
.formLogin()
.and()
.csrf()
.disable()
.build();
}
在此配置中,pathMatchers("/pathToIgnore").permitAll() 会将其配置为允许匹配的路径从 auth 和 anyExchange().authenticated() 会将其配置为对所有其他请求进行身份验证.
In this config, pathMatchers("/pathToIgnore").permitAll() would configure it to allow the paths matched to be excluded from auth and anyExchange().authenticated() would configure it to authenticate all other requests.