如何在JavaConfig定義HTTP「安全=‘無’？

Question

我想定義類似於使用Java的配置此XML在春季啓動的東西。

<http pattern="/webservices/**" security="none"/>

我需要確保他們以不同的方式並且不能進行表單登錄，保護它們會晚一些，現在我想用http.formLogin（）來阻止它們的安全保護

我重寫了WebSecurityConfigurerAdapter.configure（），我找不到API說，像這樣：

http.securityNone().antMatchers("/webservices")

這裏是我的配置（）現在法：

@Override 
protected void configure(HttpSecurity http) throws Exception 
    http.csrf().disable(); 
    http.headers().frameOptions().disable(); 

    http.authorizeRequests() 
      .antMatchers("/resources/**", 
//"/services/**", THIS LOGS IN AUTOMATICALLY AS 'ANONYMOUS'. NO GOOD! 
//"/remoting/**", THIS LOGS IN AUTOMATICALLY AS 'ANONYMOUS'. NO GOOD! 
         "/pages/login", 
         "/pages/loginFailed").permitAll() 

    // Only authenticated can access these URLs and HTTP METHODs 
    .antMatchers("/secured/**").authenticated() 
    .antMatchers(HttpMethod.HEAD,"/**").authenticated() 
    .antMatchers(HttpMethod.GET,"/**").authenticated() 
    .antMatchers(HttpMethod.POST,"/**").authenticated() 
    .antMatchers(HttpMethod.PUT,"/**").authenticated() 
    .antMatchers(HttpMethod.DELETE,"/**").authenticated(); 

    // Accept FORM-based authentication 
    http.formLogin() 
     .failureUrl("/pages/loginFailed") 
     .defaultSuccessUrl("/") 
     .loginPage("/pages/login") 
     .permitAll() 
     .and() 
     .logout() 
     .logoutRequestMatcher(new AntPathRequestMatcher("/pages/logout")) 
     .logoutSuccessUrl("/pages/login") 
     .permitAll(); 

    http.formLogin().successHandler(new AppLoginSuccessHandler()); 

} 

Answer 1

按照WebSecurityConfigurerAdapter的JavaDoc：

/** 
* Override this method to configure {@link WebSecurity}. For 
* example, if you wish to ignore certain requests. 
*/ 
public void configure(WebSecurity web) throws Exception { 
} 

可以是這樣做的：

@Override 
public void configure(WebSecurity web) throws Exception { 
    web.ignoring() 
     .antMatchers("/webservices/**"); 
}