我尝试使用配置在 Spring 中拥有两个安全领域,但没有成功,我遵循了几个在线教程,但没有成功,我最接近的是拥有两个安全领域,但无法同时运行它们
这是我的设置代码
安全配置:
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("MvcSecurityConfig Init");
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Configuration
@Order(301)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.antMatchers("/api/admin/**").hasRole("ADMIN")
.antMatchers("/api/**").hasRole("USER")
.and()
.httpBasic();
}
}
@Configuration
@Order(302)
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/signup", "/about").permitAll()
.anyRequest().hasRole("USER")
.and()
.formLogin()
.loginPage("/login")
.permitAll();
}
}
}
初始化配置
public class AppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) throws ServletException {
// Create the 'root' Spring application context
AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
rootContext.register(RootConfiguration.class);
// Manage the lifecycle of the root application context
container.addListener(new ContextLoaderListener(rootContext));
AnnotationConfigWebApplicationContext dispatcherServlet = new AnnotationConfigWebApplicationContext();
dispatcherServlet.register(MvcConfig.class);
// Register and map the dispatcher servlet
ServletRegistration.Dynamic dispatcher = container.addServlet("dispatcher", new DispatcherServlet(dispatcherServlet));
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
rootContext.register(WebSecurityConfig.class);
container.addFilter("rest-security-filter", new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/api/*");
/*container.addFilter("mvc-security-filter", new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/*");*/
}
}
有什么建议吗?
谢谢
最佳答案
将内部静态类分离到它们自己的文件中(两个文件上都带有注释 @Configuration
,第二个文件上带有 @EnableWebSecurity
注释),并创建另一个导入它们的类:
@Configuration
@Import({ApiWebSecurityConfigurationAdapter.class, FormLoginWebSecurityConfigurerAdapter.class})
public class SecurityConfig {
}
并在Startup上注册它 rootContext.register(SecurityConfig.class);
关于java - 使用 Spring Security @configuration 的同一应用程序中的两个领域,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32742847/