一.概述
最新的spring security的访问控制推荐使用
Authorize HttpServletRequests with AuthorizationFilter :: Spring Security
官方描述如下,建议使用AuthorizationFilter替换FilterSecurityInterceptor
二.注意点
使用FilterSecurityInterceptor
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
// ...
.authorizeRequests(authorize -> authorize
.mvcMatchers("/resources/**", "/signup", "/about").permitAll()
.mvcMatchers("/admin/**").hasRole("ADMIN")