application.yml:
security:
basic:
enabled: false
ResourceServerConfig:
@EnableResourceServer
@Configuration
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
super.configure(resources);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
// For org.springframework.security.web.SecurityFilterChain.matches(HttpServletRequest)
.requestMatchers(
new NegatedRequestMatcher(
new OrRequestMatcher(
new AntPathRequestMatcher("/login"),
new AntPathRequestMatcher("/logout"),
new AntPathRequestMatcher("/oauth/authorize"),
new AntPathRequestMatcher("/oauth/confirm_access")
)
)
)
.and()
.authorizeRequests().anyRequest().authenticated();
}
}
WebSecurityConfig:
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
// For org.springframework.security.web.SecurityFilterChain.matches(HttpServletRequest)
.requestMatchers(
new OrRequestMatcher(
new AntPathRequestMatcher("/login"),
new AntPathRequestMatcher("/logout"),
new AntPathRequestMatcher("/oauth/authorize"),
new AntPathRequestMatcher("/oauth/confirm_access")
)
)
.and()
.authorizeRequests().anyRequest().authenticated()
.and()
.formLogin().permitAll()
.and()
.logout().permitAll();
}
}
參考:https://github.com/spring-projects/spring-security-oauth/issues/1024
