因此,我终于再次回到研究这个问题,结果发现解决方案几乎和我期望的一样简单。解决方案是有两个WebSecurityConfigurerAdapter
类。此处描述:
http://docs.spring.io/spring- security/site/docs/3.2.x/reference/htmlsingle/#multiple- httpsecurity
执行此操作时需要注意两件事:
因此,它们是:
@Configuration
@EnableWebSecurity
@Order(1)
public class APISecurityConfig extends WebSecurityConfigurerAdapter {
@Override
@Order(1)
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().fullyAuthenticated().and()
.httpBasic().and()
.csrf().disable();
}
}
和
@Configuration
@EnableWebSecurity
public class UISecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/ui/**").authenticated();
}
}