发表新帖
发表新帖

Preventing spring-security to redirect invalid urls to login page

前端 未结
关注
2 791
遇见更好的自我
遇见更好的自我 2021-01-25 04:59

I\'ve setup a spring-boot + spring-mvc + spring-security project.

Everything work as expected right now except for the invalid urls.

If I issue:
2条回答
  • 感情败类
    感情败类 (楼主)
    2021-01-25 05:56

    To customize your particular use case apply the inverted logic as suggested. You could do like this:

    1) Replace 

    .anyRequest().authenticated()

    by

    .anyRequest().anonymous()

    2) Add 

    .antMatchers("/protected-urls/**").authenticated()

    The rule in 2) must come before that in 1) as the first match applies. Unless you have a common url prefix for protected resources you'll have to declare all the authenticated urls one by one.

    You can also apply additional configuration overriding the 

    public void configure(WebSecurity web)...

    for example to ignore static resources:

    web.ignoring().antMatchers("/favicon.ico", "*.css")

    Hope that helps.

    0 讨论(0)
 看不清?
提交回复
热议问题