Spring Security，授权访问，拒绝特定的URL

Question

我想知道是否有可能为所有用户提供对特定URL的访问权？ 我休息控制器：

@RestController 
@RequestMapping("/travel/") 
public class TravelController { 

@RequestMapping(value = { "/" }, method = { RequestMethod.POST }) 
public String newTravel(HttpEntity<String> httpEntity) 
{ 
... 
return null; 
} 

@RequestMapping(value = { "/follow/{travelId}/{email}/" }, method = { RequestMethod.POST }) 
public ResponseEntity<String> followTravel(@PathVariable int travelId,@PathVariable String email, HttpEntity<String> httpEntity) 
{ 
... 
} 

我想限制对所有POST身份验证的用户，但授权followTravel()给所有用户。

我的安全配置是：

@Override 
    protected void configure(HttpSecurity http) throws Exception 
    { 
     http.csrf() // 
       .disable() // 
       .authorizeRequests() // 
       .antMatchers(HttpMethod.POST, "/travel/follow/**") // permit all POST to authenticated 
       .anonymous() // 
       .antMatchers(HttpMethod.POST, "/**") // permit all POST to authenticated 
       .authenticated() // 
       .antMatchers(HttpMethod.PUT, "/**") // permit all PUT to authenticated 
       .authenticated() // 
       .antMatchers(HttpMethod.DELETE, "/**") // permit all DELETE to authenticated 
       .authenticated() // 
       .anyRequest() // 
       .permitAll() // 
       .and() // 
       .httpBasic() // 
       .and() // 
       .sessionManagement() // 
       .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED); 
     // .sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
    } 

我试过设置

.antMatchers(HttpMethod.POST, "/travel/follow/**") // permit all POST to authenticated 
    .anonymous() // 

之前或之后

   .antMatchers(HttpMethod.POST, "/**") // permit all POST to authenticated 
       .authenticated() // 

，但没有成功。我通常在SO中找到答案，但没有为这个答案。

感谢

Answer 1

我发现错误，配置是正确的，但安全没有正确定义，有延长WebSecurityConfigurerAdapter和一个我修改是从来不读2班。

Answer 2

你试过：

.antMatchers(HttpMethod.POST, YOUR_FINAL_STATIC_STRING_URL).permitAll();