Spring Security无法放行静态资源

英魂末路横天戾血
  • 97

图片.png

Spring Security为什么mvcMatchers可以放行静态资源,antMatchers却依旧会被拦截呢?

回复
阅读 445
1 个回答
✓ 已被采纳

这两个方法其实差不多,ant 模式只遵循 ant-style 模式的匹配,而mvc 模式提供更加丰富的匹配模式。

  • antMatchers("/secured") matches only the exact /secured URL
  • mvcMatchers("/secured") matches /secured as well as /secured/, /secured.html, /secured.xyz

AbstractRequestMatcherRegistry#mvcMatchers 上面的注释也说得很清楚

Maps an {@link MvcRequestMatcher} that does not care which {@link HttpMethod} is used. This matcher will use the same rules that Spring MVC uses for matching. For example, often times a mapping of the path "/path" will match on "/path", "/path/", "/path.html", etc.If the current request will not be processed by Spring MVC, a reasonable default using the pattern as a ant pattern will be used.

基本可以说ant 是 mvc的真子集,主要还是 MatchableHandlerMapping 提供了丰富的扩展,具体也可以参考MvcRequestMatcher的代码。

stackoverflow 又类似的问题:https://stackoverflow.com/que...

你知道吗?

宣传栏