【发布时间】:2016-08-16 14:55:48
【问题描述】:
我正在使用带有注释和 Spring Security 的 Spring Boot。
我需要实现两种不同的身份验证:
- ProviderApiAuthenticationProvider仅用于“/providerrpc”和“/api/(system|provider|drm)/”
- TestAuthFilter(自定义身份验证器,现在为空),仅用于“/test/**”
在 both URL 的应用程序请求的当前配置中,httpBasic 身份验证和 TestAuthFilter::doFilter() 也在这两个 URL 上调用。 那么,怎么了?
WebSecurityConfig.java:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final ProviderApiAuthenticationProvider providerApiAuthenticationProvider;
private final TestAuthFilter testAuthFilter;
@Autowired
public WebSecurityConfig(TestAuthFilter testAuthFilter, ProviderApiAuthenticationProvider providerApiAuthenticationProvider) {
this.testAuthFilter = testAuthFilter;
this.providerApiAuthenticationProvider = providerApiAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(providerApiAuthenticationProvider);
}
@SuppressWarnings("SpellCheckingInspection")
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authenticationProvider(providerApiAuthenticationProvider)
.authorizeRequests()
.regexMatchers(
"^/providerrpc/",
"^/api/(system|provider|drm)/"
)
.hasAuthority(Role.ROLE_PROVIDER_API.getAuthority())
.and()
.httpBasic()
.realmName("Provider API")
.and()
.addFilterBefore(testAuthFilter, BasicAuthenticationFilter.class)
.authorizeRequests()
.antMatchers(
"/test/**"
)
.authenticated()
.anyRequest()
.permitAll()
;
}
}
TestAuthFilter.java:
@Component
public class TestAuthFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO: Later implement via SecurityContextHolder.getContext().setAuthentication();
chain.doFilter(request,response);
}
}
【问题讨论】:
-
是的,怎么了?您实际上没有说明您遇到了什么问题。您可能想用您想要实现的目标以及您的代码未实现目标的原因来编辑问题。
标签: java spring spring-mvc spring-security