最近在使用spring security做登陆鉴权。登陆界面相关CSS和JS,以及部分api接口需要忽略,于是代码中用到了anyMatchers。如下所示:
1 @Override 2 public void configure(WebSecurity web) throws Exception { 3 // AuthenticationTokenFilter will ignore the below paths 4 web 5 .ignoring() 6 .antMatchers( 7 HttpMethod.POST, 8 authenticationPath 9 ) 10 11 // allow anonymous resource requests 12 .and() 13 .ignoring() 14 .antMatchers( 15 HttpMethod.GET, 16 "/", 17 "/*.html", 18 "/favicon.ico", 19 "/**/*.html", 20 "/**/*.css", 21 "/**/*.js" 22 ) 23 24 // Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production) 25 .and() 26 .ignoring() 27 .antMatchers("/h2-console/**/**"); 28 }
类似于正则的**或者*都表示什么含义呢?查询了相关文档,简单的做一下总结,方便日后查询。
- ?匹配一个字符(matches one character)。
- * 匹配0个或者多个字符 ( matches zero or more characters)。
- ** 匹配url中的0个或多个子目录 (matches zero or more directories in a path)
- {spring:[a-z]+} 匹配满足正则表达式[a-z]+的路径,这些路径赋值给变量"spring" (matches the regexp
[a-z]+
as a path variable named "spring")
例子:
- com/t?st.jsp 匹配com/test.jsp,也匹配com/tast.jsp或者com/txst.jsp (matches com/test.jsp but also com/tast.jsp or com/txst.jsp)
- com/*.jsp 匹配com路径下所有的.jsp文件。个人理解这里应该是直接包含的,不支持递归,比如com/good/*.jsp应该是匹配不上的。(matches all *.jsp files in the com directory)
- com/**/test.jsp 匹配com路径下所有的test.jsp文件。个人理解这里是支持递归的,表示com路径下所有的test.jsp文件,例如:com/1/test.jsp, com/2/test.jsp, com/test.jsp 或者 com/java/1/test.jsp应该都可以匹配成功。(matches all test.jsp files underneath the com path)
- org/springframework/**/*.jsp 匹配 org/springframework路径下所有的jsp文件。(matches all .jsp files underneath the org/springframework path)
- org/**/servlet/bla.jsp 匹配org/springframework/servlet/bla.jsp,同时也匹配 org/springframework/testing/servlet/bla.jsp和org/servlet/bla.jsp (matches org/springframework/servlet/bla.jsp but also org/springframework/testing/servlet/bla.jsp and org/servlet/bla.jsp)
- com/{filename:\\w+}.jsp 匹配com/test.jsp 同时将"test"赋值给变量"filename"。(match com/test.jsp and assign the value "test" to the "filename" variable)
参考:
https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/util/AntPathMatcher.html
https://www.w3schools.com/jsref/jsref_regexp_wordchar.asp