Spring Security无法放行静态资源

Question

Spring Security为什么mvcMatchers可以放行静态资源，antMatchers却依旧会被拦截呢？

Answer 1

这两个方法其实差不多，ant 模式只遵循 ant-style 模式的匹配，而mvc 模式提供更加丰富的匹配模式。

• antMatchers("/secured") matches only the exact /secured URL
• mvcMatchers("/secured") matches /secured as well as /secured/, /secured.html, /secured.xyz

AbstractRequestMatcherRegistry#mvcMatchers 上面的注释也说得很清楚

Maps an {@link MvcRequestMatcher} that does not care which {@link HttpMethod} is used. This matcher will use the same rules that Spring MVC uses for matching. For example, often times a mapping of the path "/path" will match on "/path", "/path/", "/path.html", etc.If the current request will not be processed by Spring MVC, a reasonable default using the pattern as a ant pattern will be used.

基本可以说ant 是 mvc的真子集，主要还是 MatchableHandlerMapping 提供了丰富的扩展，具体也可以参考MvcRequestMatcher的代码。

stackoverflow 又类似的问题：https://stackoverflow.com/que...