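Just as with static resources, we do not want these requests to require authentication; the result should be returned directly.
Next, I use a custom annotation to implement anonymous access (using @AnonymousGetMapping as the example).
Step 1: Write an anonymous-access annotation, @AnonymousGetMapping. This annotation must itself be annotated with @AnonymousAccess, so that the anonymous URLs can be collected later in the process.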
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.core.annotation.AliasFor;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@AnonymousAccess
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.GET)
public @interface AnonymousGetMapping {

    /**
     * Alias for {@link RequestMapping#name}.
     */
    @AliasFor(annotation = RequestMapping.class)
    String name() default "";

    /**
     * Alias for {@link RequestMapping#value}.
     */
    @AliasFor(annotation = RequestMapping.class)
    String[] value() default {};

    /**
     * Alias for {@link RequestMapping#path}.
     */
    @AliasFor(annotation = RequestMapping.class)
    String[] path() default {};

    /**
     * Alias for {@link RequestMapping#params}.
     */
    @AliasFor(annotation = RequestMapping.class)
    String[] params() default {};

    /**
     * Alias for {@link RequestMapping#headers}.
     */
    @AliasFor(annotation = RequestMapping.class)
    String[] headers() default {};

    /**
     * Alias for {@link RequestMapping#consumes}.
     *
     * @since 4.3.5
     */
    @AliasFor(annotation = RequestMapping.class)
    String[] consumes() default {};

    /**
     * Alias for {@link RequestMapping#produces}.
     */
    @AliasFor(annotation = RequestMapping.class)
    String[] produces() default {};
}
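import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Marks a method as anonymously accessible.
 *
 * @author jacky
 */
@Inherited
@Documented
@Target({ElementType.METHOD, ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface AnonymousAccess {
}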
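Step 2: With the annotation written, we need to implement the logic that exempts these requests from interception.
The previous post introduced the SpringSecurityConfig class, which extends WebSecurityConfigurerAdapter and overrides the configure method. All that remains is to collect the URLs of the handlers annotated with @AnonymousGetMapping and add them to the non-intercepted part of the configuration.
2.1 Collecting the URLs marked anonymous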
RequestMappingHandlerMapping requestMappingHandlerMapping =
        (RequestMappingHandlerMapping) applicationContext.getBean("requestMappingHandlerMapping");
Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = requestMappingHandlerMapping.getHandlerMethods();
// Collect the URLs marked anonymous
Map<String, Set<String>> anonymousUrls = getAnonymousUrl(handlerMethodMap);
A custom method then extracts the URLs from the handlers that carry the anonymous marker:
private Map<String, Set<String>> getAnonymousUrl(Map<RequestMappingInfo, HandlerMethod> handlerMethodMap) {
    Map<String, Set<String>> anonymousUrls = new HashMap<>(6);
    Set<String> get = new HashSet<>();
    Set<String> post = new HashSet<>();
    Set<String> put = new HashSet<>();
    Set<String> patch = new HashSet<>();
    Set<String> delete = new HashSet<>();
    Set<String> all = new HashSet<>();
    for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethodMap.entrySet()) {
        HandlerMethod handlerMethod = infoEntry.getValue();
        // Also matches meta-annotations, so @AnonymousGetMapping is found through @AnonymousAccess
        AnonymousAccess anonymousAccess = handlerMethod.getMethodAnnotation(AnonymousAccess.class);
        if (null != anonymousAccess) {
            List<RequestMethod> requestMethods = new ArrayList<>(infoEntry.getKey().getMethodsCondition().getMethods());
            // Only the first declared HTTP method is used; a mapping with no method restriction falls into ALL
            RequestMethodEnum request = RequestMethodEnum.find(
                    requestMethods.size() == 0 ? RequestMethodEnum.ALL.getType() : requestMethods.get(0).name());
            switch (Objects.requireNonNull(request)) {
                case GET:
                    get.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
                    break;
                case POST:
                    post.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
                    break;
                case PUT:
                    put.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
                    break;
                case PATCH:
                    patch.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
                    break;
                case DELETE:
                    delete.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
                    break;
                default:
                    all.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
                    break;
            }
        }
    }
    anonymousUrls.put(RequestMethodEnum.GET.getType(), get);
    anonymousUrls.put(RequestMethodEnum.POST.getType(), post);
    anonymousUrls.put(RequestMethodEnum.PUT.getType(), put);
    anonymousUrls.put(RequestMethodEnum.PATCH.getType(), patch);
    anonymousUrls.put(RequestMethodEnum.DELETE.getType(), delete);
    anonymousUrls.put(RequestMethodEnum.ALL.getType(), all);
    return anonymousUrls;
}
2.2 Adding the requests that need no authentication to the configuration
.antMatchers(HttpMethod.GET, anonymousUrls.get(RequestMethodEnum.GET.getType()).toArray(new String[0])).permitAll()
// POST
.antMatchers(HttpMethod.POST, anonymousUrls.get(RequestMethodEnum.POST.getType()).toArray(new String[0])).permitAll()
// PUT
.antMatchers(HttpMethod.PUT, anonymousUrls.get(RequestMethodEnum.PUT.getType()).toArray(new String[0])).permitAll()
// PATCH
.antMatchers(HttpMethod.PATCH, anonymousUrls.get(RequestMethodEnum.PATCH.getType()).toArray(new String[0])).permitAll()
// DELETE
.antMatchers(HttpMethod.DELETE, anonymousUrls.get(RequestMethodEnum.DELETE.getType()).toArray(new String[0])).permitAll()
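Because a single annotation on a handler method is enough to make it permitAll, it helps to fail startup when an endpoint is marked anonymous without having been reviewed. The following is an added example, not code from the original post or its project: the class name AnonymousEndpointAudit and the allowlist entries are hypothetical, and it assumes the same Spring MVC version as the code above and that AnonymousAccess is in the same package.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
import org.springframework.beans.factory.SmartInitializingSingleton;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

/** Hypothetical startup guard: refuses to start if an unreviewed handler is marked anonymous. */
@Component
public class AnonymousEndpointAudit implements SmartInitializingSingleton {

    // Constructed sample allowlist of "<HTTP method> <pattern>" entries approved in review.
    private static final Set<String> REVIEWED =
            new HashSet<>(Arrays.asList("GET /auth/code", "GET /avatar/**"));

    private final RequestMappingHandlerMapping mapping;

    public AnonymousEndpointAudit(
            @Qualifier("requestMappingHandlerMapping") RequestMappingHandlerMapping mapping) {
        this.mapping = mapping;
    }

    @Override
    public void afterSingletonsInstantiated() {
        Set<String> unexpected = new TreeSet<>();
        mapping.getHandlerMethods().forEach((info, handler) -> {
            // hasMethodAnnotation also sees meta-annotations such as @AnonymousGetMapping
            if (!handler.hasMethodAnnotation(AnonymousAccess.class)) {
                return;
            }
            Set<RequestMethod> methods = info.getMethodsCondition().getMethods();
            for (String pattern : info.getPatternsCondition().getPatterns()) {
                if (methods.isEmpty() && !REVIEWED.contains("ALL " + pattern)) {
                    unexpected.add("ALL " + pattern); // no method restriction: open for every verb
                }
                for (RequestMethod method : methods) { // every declared verb, not only the first
                    if (!REVIEWED.contains(method.name() + " " + pattern)) {
                        unexpected.add(method.name() + " " + pattern);
                    }
                }
            }
        });
        if (!unexpected.isEmpty()) {
            throw new IllegalStateException("Unreviewed anonymous endpoints: " + unexpected);
        }
    }
}
```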