阅读完需:约 2 分钟
在使用spring security做登陆鉴权。登陆界面相关CSS和JS,以及部分api接口需要忽略,于是代码中用到了anyMatchers。
@Override
public void configure(WebSecurity web) throws Exception {
// AuthenticationTokenFilter will ignore the below paths
web
.ignoring()
.antMatchers(
HttpMethod.POST,
authenticationPath
)
// allow anonymous resource requests
.and()
.ignoring()
.antMatchers(
HttpMethod.GET,
"/",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js"
)
// Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production)
.and()
.ignoring()
.antMatchers("/h2-console/**/**");
}
类似于正则的**或者*都表示什么含义呢?查询了相关文档,简单的做一下总结,方便日后查询。
- ?匹配一个字符(matches one character)。
- * 匹配0个或者多个字符 ( matches zero or more characters)。
- ** 匹配url中的0个或多个子目录 (matches zero or more directories in a path)
- {spring:[a-z]+} 匹配满足正则表达式[a-z]+的路径,这些路径赋值给变量”spring” (matches the regexp
[a-z]+
as a path variable named “spring”)
例子:
- com/t?st.jsp 匹配com/test.jsp,也匹配com/tast.jsp或者com/txst.jsp (matches com/test.jsp but also com/tast.jsp or com/txst.jsp)
- com/*.jsp 匹配com路径下所有的.jsp文件。个人理解这里应该是直接包含的,不支持递归,比如com/good/*.jsp应该是匹配不上的。(matches all *.jsp files in the com directory)
- com/**/test.jsp 匹配com路径下所有的test.jsp文件。个人理解这里是支持递归的,表示com路径下所有的test.jsp文件,例如:com/1/test.jsp, com/2/test.jsp, com/test.jsp 或者 com/java/1/test.jsp应该都可以匹配成功。(matches all test.jsp files underneath the com path)
- org/springframework/**/*.jsp 匹配 org/springframework路径下所有的jsp文件。(matches all .jsp files underneath the org/springframework path)
- org/**/servlet/bla.jsp 匹配org/springframework/servlet/bla.jsp,同时也匹配 org/springframework/testing/servlet/bla.jsp和org/servlet/bla.jsp (matches org/springframework/servlet/bla.jsp but also org/springframework/testing/servlet/bla.jsp and org/servlet/bla.jsp)
- com/{filename:\\w+}.jsp 匹配com/test.jsp 同时将”test”赋值给变量”filename”。(match com/test.jsp and assign the value “test” to the “filename” variable)