英文:
Spring Security : HttpSecurity vs WebSecurity
问题
我无法区分以下 HttpSecurity 和 WebSecurity 方法。
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity
.ignoring()
.antMatchers(HttpMethod.POST, "/api/v1/register");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers(HttpMethod.POST, "/api/v1/register").permitAll();
}
ignoring() 和 permitAll() 使得URL成为开放URL,从而允许未经身份验证的用户访问。
但是何时使用哪种方法?
HttpSecurity.authenticated() 方法允许所有经过身份验证的用户访问,无论其角色如何。
然而,WebSecurity.ignoring() 和 HttpSecurity.permitAll() 之间有什么区别呢?
英文:
I'm unable to differentiate between the following HttpSecurity and WebSecurity methods.
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity
.ignoring()
.antMatchers(HttpMethod.POST, "/api/v1/register");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers(HttpMethod.POST, "/api/v1/register").permitAll();
}
ignoring() and permitAll() makes the URLs as open URL, thus giving access to un-authenticated users also.
But when to use which method ?
HttpSecurity.authenticated() method gives access to all authenticated users, irrespective of role.
But, what is the difference between WebSecurity. ignoring() and HttpSecurity.permitAll() ?
专注分享java语言的经验与见解,让所有开发者获益!
评论