在Spring Security6.2.2中AuthenticationFailureHandler、AuthorizeRequests已弃用,这个问题研究了很久。
经过百度搜索和chatGPT查询,重要找到了解决方法,直接放代码。
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig{
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.requestMatchers("/captcha").permitAll() // 将/captcha路径设置为白名单
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
return http.build();
}
}
代码中的“/captcha”就是要变为不需要验证登录的路径。
小白一个,如果有不对的地方还请大神指正!