1. 在SecurityFilterChain中设置免登录接口地址。如果定义了多个SecurityFilterChain,并且前面的SecurityFilterChain里使用了anyRequest().authenticated(),后面的免登录可能会失效。
@Configuration
@EnableWebSecurity
public class SecurityConfig {@Beanpublic SecurityFilterChain filterChain(HttpSecurity http) throws Exception {http.authorizeHttpRequests(authorize -> authorize.requestMatchers("/api1/**", "/api2/**").permitAll().anyRequest().authenticated());return http.build();}}
2. 使用WebSecurityCustomizer设置免登录接口地址。这里设置的免登录接口地址是优先于SecurityFilterChain进行判定的。
@Configuration
public class SecurityConfiguration {@Beanpublic WebSecurityCustomizer webSecurityCustomizer() {return (web) -> web.ignoring().requestMatchers("/ignore1/**", "/ignore2/**");}
}