这是我的 Spring 配置:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class X509Configuration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/ws/items.wsdl");
}
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.authorizeRequests()
.antMatchers("/ws/items.wsdl").permitAll()
.and()
// require authorization for everything else
.authorizeRequests()
.anyRequest().authenticated()
.and()
.x509()
.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
.userDetailsService(userDetailsService())
.and()
.csrf().disable()
// configure form login
.formLogin().disable()
// configure logout
.logout().disable();
}
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) {
if (username.equals("cid")) {
return new User(username, "",
AuthorityUtils
.commaSeparatedStringToAuthorityList("ROLE_USER"));
}
throw new UsernameNotFoundException("User not found!");
}
};
}
}
这些是 SSL 设置:
server:
port: 8443
ssl:
enabled: true
key-store: 'classpath:keystore.jks'
key-store-password: 'changeit'
key-password: 'changeit'
trust-store: 'classpath:truststore.jks'
trust-store-password: 'changeit'
client-auth: need
我想要的是忽略 SSL 或允许我的所有 WSDL 站点。 但是使用此配置它不起作用。我收到以下错误:
http https://localhost:8443/ws/items.wsdl http: error: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645) while doing GET request to URL: https://localhost:8443/ws/items.wsdl
我不想使用 ca 签名证书。 (使用签名证书它可以工作。) 我怎样才能做到这一点?我有哪些选择?
最佳答案
删除这个:
.authorizeRequests()
.antMatchers("/ws/items.wsdl").permitAll()
网络配置说忽略该路径,但您的 http 安全性说要通过身份验证对该路径发出请求。
关于ssl - 如何忽略 Spring Security 和 SSL 的某些路径?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40492809/