@Configuration
@EnableGlobalMethodSecurity(prePostEnabled
=true)
public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http
) throws Exception
{
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy
.STATELESS
).and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.and()
.addFilterBefore(new TokenFilter(), UsernamePasswordAuthenticationFilter
.class);
}
@Override
public void configure(WebSecurity web
) throws Exception
{
web
.ignoring()
.antMatchers("/")
.antMatchers("/swagger-ui.html")
.antMatchers("/swagger-resources/**")
.antMatchers("/webjars/springfox-swagger-ui/**")
.antMatchers("/v2/api-docs/**");
}
}
这是修改后正常工作的配置文件.
之前使用@component注解, 然后使用@Resource注入进来. 导致过滤器全局生效.
正常配置,应该手动new, 而且过滤器类不能加@Component注解
具体原因,之后有空研究一下.
