问题描述
我有一个SpringBoot应用程序,并且想要检测正在调用的活动端点,因此我可以允许该请求未经身份验证。
当我发出此请求时:
http://localhost:8080/001/MyApp/actuator/health/liveness
new AntPathRequestMatcher("/**liveness")是否会导致isWhitelisted返回true?
public RequestMatcher getRequestMatcher() {
return new OrRequestMatcher(
new AntPathRequestMatcher("/error"),new AntPathRequestMatcher("/login**"),new AntPathRequestMatcher("/**logout"),new AntPathRequestMatcher("/**liveness"));
}
public boolean isWhitelisted(HttpServletRequest httpServletRequest) {
return getRequestMatcher().matches(httpServletRequest);
}
System.out.println(requestPropertyResolver.isWhitelisted(httpServletRequest));
解决方法
相反,需要此:
return new OrRequestMatcher(
new AntPathRequestMatcher("/error"),new AntPathRequestMatcher("/login**"),new AntPathRequestMatcher("/**logout"),new AntPathRequestMatcher("/**/liveness"));
/**/-匹配路径中的零个或多个“目录”,因此需要结束目录树