@Bean
public SecurityFilterChain formLoginFilterChain(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeHttpRequests(authorize -> authorize
        .requestMatchers("/admin/**", "/hello").hasRole("ADMIN")
        .requestMatchers("/user/**").hasAnyRole("ADMIN", "USER")
        .requestMatchers("/db/**").access(allOf(hasRole("DB")))
        .anyRequest().authenticated()
    );
    httpSecurity.formLogin(Customizer.withDefaults());
    return httpSecurity.build();
}

@Bean
@Order(1)
public SecurityFilterChain FilterChain(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .securityMatcher("/api/**")
        .authorizeHttpRequests(authorize -> authorize
            .anyRequest().hasRole("ADMIN")
        );
    httpSecurity.httpBasic(Customizer.withDefaults());
    return httpSecurity.build();
}
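
The above is my HttpSecurity configuration, but when I access an API URL the request succeeds directly, without going through authorization (login and Basic).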