SpringSecurity使用注解实现匿名访问
原文链接:https://blog.csdn.net/qq_28597959/article/details/114094758SpringSecurity实现匿名访问的方式如下,
/**
* spring security配置
* {@link EnableGlobalMethodSecurity } 如果想要启用spring方法级安全时,使用这个注解
*
* @author ruoyi
*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
// 对于登录login 验证码captchaImage 允许匿名访问
.antMatchers("/login", "/captchaImage").anonymous();
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
如果有很多个路径都需要匿名访问,那岂不是要在 antMatchers 加很多路径?这样太繁琐
使用注解方式实现匿名访问,步骤如下
先定义一个注解
/**
* Security允许匿名访问
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface AnonymousAccess {
}
1
2
3
4
5
6
7
8
修改 security 配置类
/**
* spring security配置
* {@link EnableGlobalMethodSecurity } 如果想要启用spring方法级安全时,使用这个注解
*
* @author ruoyi
*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
// 对于登录login 验证码captchaImage 允许匿名访问
.antMatchers("/login", "/captchaImage").anonymous()
// 所有加 AnonymousAccess 注解的请求都允许匿名访问
.antMatchers(getAnonymousUrls()).anonymous();
}
/**
* 获取标有注解 AnonymousAccess 的访问路径
*/
private String[] getAnonymousUrls() {
// 获取所有的 RequestMapping
Map<RequestMappingInfo, HandlerMethod> handlerMethods = SpringUtils.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
Set<String> allAnonymousAccess = new HashSet<>();
// 循环 RequestMapping
for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethods.entrySet()) {
HandlerMethod value = infoEntry.getValue();
// 获取方法上 AnonymousAccess 类型的注解
AnonymousAccess methodAnnotation = value.getMethodAnnotation(AnonymousAccess.class);
// 如果方法上标注了 AnonymousAccess 注解,就获取该方法的访问全路径
if (methodAnnotation != null) {
allAnonymousAccess.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
}
}
return allAnonymousAccess.toArray(new String[0]);
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
使用
@RestController
@RequestMapping("/consignment")
public class RmbssDcDepotController extends BaseController {
@Autowired
private IRmbssDcDepotService rmbssDcDepotService;
/**
* 查询所有有效的代储车间
* @AnonymousAccess 允许匿名访问的注解
*/
@AnonymousAccess
@GetMapping("/plantList")
public AjaxResult plantList(RmbssDcDepot rmbssDcDepot) {
return AjaxResult.success(rmbssDcDepotService.selectDcPlantList(rmbssDcDepot));
}
}
相关文章
- springSecurity自定义认证配置
- springSecurity初步认识和执行流程
- SpringSecurity的rememberme
- SpringBoot整合SpringSecurity做认证和权限控制案例(含Demo代码)
- SpringSecurity基于数据库RBAC数据模型控制权限
- SpringSecurity实现短信验证码登录(Token)
- SpringSecurity如何退出登录
- SpringBoot2.x集成springSecurity和OAuth2.0启动错误处理
- 浅析如何使用SpringSecurity实现密码加密
- SpringBoot+SpringSecurity集成权限管理快速打造企业级声明式安全认证授权解决方案之SpringBoot+SpringSecurity+mybatis+mysql
- springsecurity前端代码
- SpringSecurity系列(二) Spring Security入门