Spring Boot 项目安全配置，放行指定规则的 HTTP 请求

 

Spring Boot 项目安全配置，放行指定规则的 HTTP 请求

 

package com.joyupx.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Spring Security 配置类
 * //@Order(99)  // 指定唯一的顺序值
 */
@Configuration
@EnableWebSecurity
@Order(99)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/")
            .permitAll()
            .and()
            .logout()
            .permitAll();*/

            http.authorizeRequests()
                // 放行所有路径，即不拦截任何 HTTP 请求。
                .antMatchers("/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .csrf().disable();  // 禁用 CSRF 防护
        
    }

}