您可以使用
authenticated()和
permitAll()方法来决定要允许的请求以及停止哪个请求。 如果您通过请求匹配器的列表,则可以像下面的过滤链配置过滤链
List<RequestMatcher> match = ...
List<RequestMatcher> notMatch = ...
@Bean
SecurityFilterChain configureSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(match.toArray(RequestMatcher[]::new)).authenticated()
.requestMatchers(notMatch.toArray(RequestMatcher[]::new)).permitAll())
.httpBasic(Customizer.withDefaults())
.formLogin(Customizer.withDefaults())
.build();
}