标签:bpa example lock 官方 ssi request ble xtend apt
AntPathMatcher通配符规则
官方示例:
The mapping matches URLs using the following rules:
? matches one character* matches zero or more characters** matches zero or more directories in a path{spring:[a-z]+} matches the regexp [a-z]+ as a path variable named "spring"com/t?st.jsp — matches com/test.jsp but also com/tast.jsp or com/txst.jspcom/*.jsp — matches all .jsp files in the com directorycom/**/test.jsp — matches all test.jsp files underneath the com pathorg/springframework/**/*.jsp — matches all .jsp files underneath the org/springframework pathorg/**/servlet/bla.jsp — matches org/springframework/servlet/bla.jsp but also org/springframework/testing/servlet/bla.jsp and org/servlet/bla.jspcom/{filename:\\w+}.jsp will match com/test.jsp and assign the value test to the filename variableNote: a pattern and a path must both be absolute or must both be relative in order for the two to match. Therefore it is recommended that users of this implementation to sanitize patterns in order to prefix them with "/" as it makes sense in the context in which they‘re used.
补充示例:
AntPathRequestMatcher的构造函数
public AntPathRequestMatcher(String pattern, String httpMethod, boolean caseSensitive, UrlPathHelper urlPathHelper) { Assert.hasText(pattern, "Pattern cannot be null or empty"); this.caseSensitive = caseSensitive; if (!pattern.equals("/**") && !pattern.equals("**")) { if (pattern.endsWith("/**") && pattern.indexOf(63) == -1 && pattern.indexOf(123) == -1 && pattern.indexOf(125) == -1 && pattern.indexOf("*") == pattern.length() - 2) { this.matcher = new AntPathRequestMatcher.SubpathMatcher(pattern.substring(0, pattern.length() - 3), caseSensitive); } else { this.matcher = new AntPathRequestMatcher.SpringAntMatcher(pattern, caseSensitive); } } else { pattern = "/**"; this.matcher = null; } this.pattern = pattern; this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null; this.urlPathHelper = urlPathHelper; }
对某些路径放开csrf限制:
对以/outer/开头的所有路径放开csrf限制:
public class FactorySecurityConfig extends WebSecurityConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http.httpBasic().disable(); http.csrf().ignoringAntMatchers("/outer/**") .and().authorizeRequests().antMatchers("/**").permitAll(); super.configure(http); } }
标签:bpa example lock 官方 ssi request ble xtend apt
原文地址:https://www.cnblogs.com/crazyghostvon/p/AntPathMatcher.html
