AntPathMatcher通配符规则
官方示例:
The mapping matches URLs using the following rules:
?matches one character*matches zero or more characters**matches zero or more directories in a path{spring:[a-z]+}matches the regexp[a-z]+as a path variable named "spring"
Examples
com/t?st.jsp— matchescom/test.jspbut alsocom/tast.jsporcom/txst.jspcom/*.jsp— matches all.jspfiles in thecomdirectorycom/**/test.jsp— matches alltest.jspfiles underneath thecompathorg/springframework/**/*.jsp— matches all.jspfiles underneath theorg/springframeworkpathorg/**/servlet/bla.jsp— matchesorg/springframework/servlet/bla.jspbut alsoorg/springframework/testing/servlet/bla.jspandorg/servlet/bla.jspcom/{filename:\\w+}.jspwill matchcom/test.jspand assign the valuetestto thefilenamevariable
Note: a pattern and a path must both be absolute or must both be relative in order for the two to match. Therefore it is recommended that users of this implementation to sanitize patterns in order to prefix them with "/" as it makes sense in the context in which they're used.
- Since:
- 16.07.2003
- Author:
- Alef Arendsen, Juergen Hoeller, Rob Harrop, Arjen Poutsma, Rossen Stoyanchev, Sam Brannen
补充示例:
- /** — 特殊字符串,匹配所有路径
- ** — 特殊字符串,匹配所有路径
- /bla/** — 匹配所有以/bla/开头的路径
AntPathRequestMatcher的构造函数
public AntPathRequestMatcher(String pattern, String httpMethod, boolean caseSensitive, UrlPathHelper urlPathHelper) { Assert.hasText(pattern, "Pattern cannot be null or empty"); this.caseSensitive = caseSensitive; if (!pattern.equals("/**") && !pattern.equals("**")) { if (pattern.endsWith("/**") && pattern.indexOf(63) == -1 && pattern.indexOf(123) == -1 && pattern.indexOf(125) == -1 && pattern.indexOf("*") == pattern.length() - 2) { this.matcher = new AntPathRequestMatcher.SubpathMatcher(pattern.substring(0, pattern.length() - 3), caseSensitive); } else { this.matcher = new AntPathRequestMatcher.SpringAntMatcher(pattern, caseSensitive); } } else { pattern = "/**"; this.matcher = null; } this.pattern = pattern; this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null; this.urlPathHelper = urlPathHelper; }
对某些路径放开csrf限制:
对以/outer/开头的所有路径放开csrf限制:
public class FactorySecurityConfig extends WebSecurityConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http.httpBasic().disable(); http.csrf().ignoringAntMatchers("/outer/**") .and().authorizeRequests().antMatchers("/**").permitAll(); super.configure(http); } }
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· winform 绘制太阳,地球,月球 运作规律
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· AI与.NET技术实操系列(五):向量存储与相似性搜索在 .NET 中的实现
· 超详细:普通电脑也行Windows部署deepseek R1训练数据并当服务器共享给他人
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理