Spring Security，授權訪問，拒絕特定的URL

Question

我想知道是否有可能爲所有用戶提供對特定URL的訪問權？ 我休息控制器：

@RestController 
@RequestMapping("/travel/") 
public class TravelController { 

@RequestMapping(value = { "/" }, method = { RequestMethod.POST }) 
public String newTravel(HttpEntity<String> httpEntity) 
{ 
... 
return null; 
} 

@RequestMapping(value = { "/follow/{travelId}/{email}/" }, method = { RequestMethod.POST }) 
public ResponseEntity<String> followTravel(@PathVariable int travelId,@PathVariable String email, HttpEntity<String> httpEntity) 
{ 
... 
} 

我想限制對所有POST身份驗證的用戶，但授權followTravel()給所有用戶。

我的安全配置是：

@Override 
    protected void configure(HttpSecurity http) throws Exception 
    { 
     http.csrf() // 
       .disable() // 
       .authorizeRequests() // 
       .antMatchers(HttpMethod.POST, "/travel/follow/**") // permit all POST to authenticated 
       .anonymous() // 
       .antMatchers(HttpMethod.POST, "/**") // permit all POST to authenticated 
       .authenticated() // 
       .antMatchers(HttpMethod.PUT, "/**") // permit all PUT to authenticated 
       .authenticated() // 
       .antMatchers(HttpMethod.DELETE, "/**") // permit all DELETE to authenticated 
       .authenticated() // 
       .anyRequest() // 
       .permitAll() // 
       .and() // 
       .httpBasic() // 
       .and() // 
       .sessionManagement() // 
       .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED); 
     // .sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
    } 

我試過設置

.antMatchers(HttpMethod.POST, "/travel/follow/**") // permit all POST to authenticated 
    .anonymous() // 

之前或之後

   .antMatchers(HttpMethod.POST, "/**") // permit all POST to authenticated 
       .authenticated() // 

，但沒有成功。我通常在SO中找到答案，但沒有爲這個答案。

感謝

Answer 1

我發現錯誤，配置是正確的，但安全沒有正確定義，有延長WebSecurityConfigurerAdapter和一個我修改是從來不讀2班。

Answer 2

你試過：

.antMatchers(HttpMethod.POST, YOUR_FINAL_STATIC_STRING_URL).permitAll();